Warning: include() [function.include]: URL file-access is disabled in the server configuration
Posted on November 10, 2007
Filed Under PHP Hosting |
If your PHP installation is secure and you try to include a file using an absolute path or a remote file then you will face this issue. For example …
<?
include ("http://www.somedomain.com/file.php");
?>
will result in you seeing this PHP error when viewing the page in your browser …
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/user/public_html/page.php on line xx
Warning: include(http://www.somedomain.com/file.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/user/public_html/page.php on line xx
Warning: include() [function.include]: Failed opening ‘http://www.somedomain.com/file.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/user/public_html/page.php on line xx
PHP 5 has the include function for remote files disabled by default and if your host is using another version of PHP and has secured the installation then you will also face this error.
The reasons for disabling PHP include for remote files is clear - to do so would leave your coding open to cross site scripting attacks (XSS attacks). This is the method by which someone of malintent would inject their own code into yours, such malicious code is usually crafted to conduct a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack both of which would cause server downtime. Other injections could include alternative page content, such as a ‘Hacked by some Hackers’ type of announcement across your web page(s).
So if you were planning on asking your host to allow this function for remote files, think again.
This error can easily be dealt with by using a better solution for including remote file contents in your coding. If you want to include a remote file then I would recommend that you use the file_get_contents() function instead. Use this function together with a variable and return the variable in your code …
<?
$a = file_get_contents("http://www.somedomain.com/file.php");
echo ($a);
?>
If you are trying to include a file that is already in your site then use a relative URL rather than an absolute one …
<?
include (file.php);
?>
.
Comments
Leave a Comment
If you would like to make a comment, please fill out the form below.
You must be logged in to post a comment.
Recently
- Blue Square House 2 NOC Outage
- Frontpage error - The version (unknown) of the server extensions you are trying to uninstall cannot be uninstalled with this tool. You must upgrade this virtual server to the current version, and then use owsadm.exe to uninstall
- Webdisk opens with notepad - how to get it to work properly
- SEO and sites on the same IP address
- Kernel Updates without the panic - reboot fails
- Saving Disk Space
- White Label Reseller Web Hosting
- What are addon, sub and parked domains all about then?
- PHP Nuke install error - folder already exists
- Setting your default address in cPanel - why its better to use :fail: instead of :blackhole:
Categories
- Configuring Email in cPanel
- cPanel Web Hosting
- cPanel Webdisk
- Domain Hosting
- Domain Names
- Exim mail server
- Fantastico
- Frontpage
- Kernel
- Mail Server administration
- Multiple Domain Web Hosting
- Operating Systems
- PHP Hosting
- PHP Nuke Web Hosting
- Reseller Web Hosting
- Unbranded Web Hosting
- Updating software
- Web Hosting
