Allowing file() for just one website on a shared server

[zzapper]

Hi
I need to use the file() function to read information from a remote url. file() is however not allowed on that particular server. The Hosting company is quite willing allow it for my website but doesn't want to enable it server wide. What options are available? Are there add-ons , alternatives to file(), a .htaccess trick etec etc?

Server: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8g PHP/4.3.1 mod_throttle/3.1.2 mod_gzip/1.3.26.1a

 

[jpadie]

it won't be file() that is being blocked, it will be most probably either open_basedir() or allow_url_fopen();

if you post the output of phpinfo() we can better advise you. there may be workarounds you can employ.

 

[zzapper]

Hi jpadie
As you suggested it is allow_url_fopen which is the problem

the following link exposes the problem & suggests a solution

http://wiki.dreamhost.com/index.php/Allow_url_fopen#Example_exploitation

zzapper

 

[jpadie]

i can't believe that they would say

Enabling allow_url_fopen is a terrible idea that exposes your website, and the websites of others on your shared server, to unnecessary risk.

that's naive and extremist.

the easiest thing for you to try is to upload a php.ini file to your script directory which has the following in it

allow_url_fopen = on

if that does not work (and it may not), then i'd suggest to use cUrl instead.

 

[feherke]

Hi

that's naive and extremist.

I agree. For security reason normally is enough to disable [tt]allow_url_include[/tt] ( since PHP 5.2.0 ). Only free hosts used to disable [tt]allow_url_fopen[/tt] to stop using them as regional proxy.

Feherke.

http://rootshell.be/~feherke/

 

[zzapper]

Feherke
As you suggest My webmaster is moving us to a PHP5 Server where it is allowed!!

zzapper


zzapper

http://passiveearners.com/

Passive Income Streams