October 18, 2009

Cloud Computing, Enterprise Cloud Technology 2 min read

How To Solve The PHP Error Message of “Warning: include() [function.include]: URL file-access is disabled in the server configuration”

You're most definitely trying to run an include command on your page which looks like this:


or even something that might look legitmate, like:


If you are suddenly facing this error message on your account that has been working perfectly fine in the past, then the most likely reason is that your web host has upgraded from PHP 4 to a newer version. That's not their fault though, because PHP 4 is already deprecated and obsolete. PHP 5 introduces better security, meaning that although it's less convenient for you, hackers and attackers won't be able to rip your site apart so easily anymore. One of the security upgrades that happened is that the allow_url_fopen variable in PHP is set to OFF by default. This variable decides if your include functions can use absolute file paths.

The solution to this is simple. You might be thinking: "Great, let me just find out how to turn on the PHP allow_url_fopen!" But before you do that, check out the alternatives. Turning on this PHP variable will allow attackers and hackers to use an include statement to include a file from anywhere on the Internet. That's dangerous stuff. With the PHP variable set to off, only documents on your server can be referenced and included, which is inherently more secure. Here at Vodien, we highly recommend that the defaults be kept, for the safety of our customers. Sure, it might seem more convenient to turn it on, but then you'll be running a higher risk of your site being attacked and hacked.

For an easy way to include files with this variable turned off, just use the $_SERVER['DOCUMENT_ROOT'] variable, like so:


With that, you can include files on your server as per usual, while being protected from malicious URL calls.

[template id="7325"]

Skip to section