Warning: include() [function.include]: URL file-access is disabled in the server configuration is an error obtained by using the include command. Lucky for webmasters, this error is easily fixed via several different methods.
If you’re seeing this error, we are willing to bet that you are using the include statement as seen below:
Common Include File Usage
<?php include ("http://www.YourDomain.com/includes/header.php"); ?>
And you are more than likely getting an error similar to the following:
Include File Error Message
<?php /*Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/YourUsername/public_html/index.php on line xx */ /*Warning: include(http://www.YourDomain.com/index.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/YourUsername/public_html/index.php on line xx*/ /*Warning: include() [function.include]: Failed opening 'http://www.YourDomain.com/index.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/YourUsername/public_html/index.php on line xx*/ ?>
What specifically causes this error is the fact that the server has upgraded from PHP 4 to a newer version. In the upgrade, the allow_url_fopen is set to OFF, which is responsible for disallowing include files to use absolute file paths.
Don’t be in a rush to turn this off in your system configuration just yet! Any upgrades past PHP 4 will turn allow_url_fopen to OFF as default due to security concerns. This is most prevalent in cross-site scripting attacks, or XSS attacks. In some cases, malicious users have even enslaved a server to become a spam-email-sending nightmare: all without the administrator noticing!
If there is any part of a website that allows a user to upload data of some sort, there are vulnerabilities that are present with poor coding that may allow malicious users to inject an include statement. By allowing allow_url_fopen to be set to ON, it allows them to include any file they wish from any website on the Internet. With it set to OFF, only documents on the server may be included. This is much safer considering you probably don’t have malicious code stored on the server. (And theoretically, if you did, hackers probably wouldn’t be able to find it)
A web server will automatically assume that the code below belongs on the server, and thus, is not a remote file:
PHP Include File With Relative Paths
<?php include (header.php); //This file is in the same directory as the PHP file include (includes/header.php); //This file is in a directory under the PHP file include (../header.php); //This file is in the directory above the current PHP file ?>
Relative file paths can be used in every legitimate situation an absolute path would be used, although it may take a little more work. As in the example above, you may have to work at determining where the file you wish to include exists in relation to the PHP file being run.
Not your idea of fun? We aren’t fond of it either, so on to the next solution!
We may substitute the include statement with file_get_contents, which reads an entire file into a string.
PHP Include With File_Get_Contents
<?php $includeFile = file_get_contents("http://www.YourDomain.com/includes/header.php"); echo $includeFile; ?>
This is a good alternative to keep the absolute path an option in including a certain file. There are some instances where the above code wouldn’t come out as planned, depending on the situation. In addition, it adds another line of code that we can relinquish with the best solution: using a server variable.
If you don’t want to spend hours rearranging code, you can do it the easy way with $_SERVER['DOCUMENT_ROOT'].
PHP Include Server Variables
<?php include $_SERVER['DOCUMENT_ROOT'] . '/includes/header.php'; ?>
This allows you to keep the absolute path that you’ve come to be familiar with in using the include statement. Technically, the $_SERVER['DOCUMENT_ROOT'] command gives your path to the public_html directory, as seen below:
Essentially this is the root of your website, www.YourDomain.com, and therefore, you can use it just as you would with any other include statement. Just replace www.YourDomain.com with the server variable and you’re set!
The short answer: no; allow_url_fopen was turned off for a reason. If you don’t own your own server, odds are your host won’t even allow the change in the first place. If you do own your own server, realize that the third solution presented in this tech tip takes almost no time to implement, and only requires that the base URL be replaced with a server variable.
The bad news is that you’ll probably have to switch many pages in your website to conform to the new standard. The good news is that once that’s done you’ll have a more secure server, and by following the new syntax, you’ll never have to change the code again.
thanks it works for me, but I include a google docs with images on the document and the image does not show up on the browser. How would I have it to show up?
Felix- I’m sorry but I don’t understand your question. Please give some more details, or at the very least take a screen shot and post it here.
Thanks
I guess Felix didn’t want to tell you no more.
Hi Zachary, I have tried inserting the includes/ but I still get this at the Public Library in New York State: Forbidden You don’t have permission to access /includes/register.php/alfov.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
——————————————————————————–
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.lz9.com Port 80
Best Regards, Alfred Vining
Alfred-
If you will submit code to admin@learnphponline.com I can help you. It sounds like it is either a Chmod issue or syntax error. May I ask why you have a folder named “register.php”? This may also be related.
Thanks!
Thanks a lot for the solution. [:)]
Thatks so much for providing this info. Was wracking my brains on how I could get the include function to work whilst using mod rewrite (which was mucking around with the directories), simply did this:
THANKS AGAIN!!
Oops, PHP code was filtered out! Well, I just added the system root line to my code (:
Very useful article. Do you know how I would include a file below the root? The file I’m trying to include is a database connection file held below the root where I use include(‘../mysql_config.php’) or include(‘../../mysql_config.php’) depending on the current directory. It would be much better if I could use the same code everywhere Thanks!
Good information. What I don’t understand is how I copied a working website to a new one, and then the includes failed. The old web site is still working fine.
Thank you for this post!
Thanks so much for the post! I’ve been beating my head against the wall trying to make include work on PHP5. Your “Best Solution” did the trick.
Hi need some help i tried the code like the one below. I want to pass a value(Zen5) to my local file. but it gave me those 3 errors that you indicated above.Any ideas for this? Below is the function i used: include (“http://localhost/Zen5/banner.php?titleName=Zen5″).
First of all, thanks for the useful post! I just switched hosts and was confused why my includes stopped working until Google brought me here. I was hoping to use the “best solution” so I didn’t have to worry about directory placement and so forth however it actually seems to look for the files in the current directory rather than the public_html directory. For example if my page from public_html/photography is using include $_SERVER['DOCUMENT_ROOT'] . ‘/header.php’ it is trying to pull that from the photography directory rather than the public_html directory. I tried a few different variations but had to use php include $_SERVER['DOCUMENT_ROOT'] . ‘/../header.php’ to get it to work, which doesn’t seem any different than the first solution? Am I missing something? Thanks!
Er, I figured it out. My subdomains were causing the problem. To get it to work both in the subdomain and outside it (for example sub.domain.com and domain.com/sub) I had to use php include(‘/home/username/public_html/header.php’).
This is a great post. However, what do you suggest I do when the function file_get_contents() throws the error?
Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration in /homepages/28/d272495500/htdocs/iheard.org/modules/CGGoogleMaps/lib/GoogleMapAPI-2.4/GoogleMapAPI.class.php on line 1388
(this is from a CMS MS instance, trying to use a CGGoogleMaps extension. Am searching all over the internet for help (am quite dumb when it comes to development…)
I switched to php 5 via .htaccess file (the default on the server i am using is php 4.4.9). I switched specifically because of the extention – its latest version are build around php5.
Any comments will be appreciated, thank you,
J.
Jana – Check this out: http://www.learnphponline.com/errors/url-file-access-is-disabled-in-the-server-configuration
Hi
I need help: I have a VPS, allow_url_fopen is ON, yet I still get that include error. What could be the cause and how to fix this?
I just want to chime in here – I’ve been trying to install PHP SSI on a Blogger blog hosted via my FTP; this [the "best solution"] is probably the twentieth I’ve implemented, and the first that did the trick. Thank you.
Warning: simplexml_load_file() [function.simplexml-load-file]: URL file-access is disabled in the server configuration in /home/xxxxxxxxxx/public_html/xxxxxxxxx/search.php on line 82
Please Tell Me in Detail How Should I Sove this Problem ….I mean what PHP Files I Should Add … What Should I Name It … I Am Little Noob in Coding
Thanks, this really helps!
Thanks so much for posting this. It was a dead-on fix. I do not host my website on my own servers so I didn’t know PHP had been upgraded so it caught me off guard. I was able to fix it quickly thanks to your article.
AWESOME!!!MJI
I have always used relative URLs but went with absolute for a new website. Everything was fine until the web host turned allow_url_fopen off. A little (lot) of find and replace and I am back up and running. Thanks for pointing out the fix!
Hi, I’m still unsure about how to implement the suggested best solution,
For example, I have 2 sites, A and B. A has the file that I want to reuse on B.
how do I write the include code for B using the best solution method?
tsholo
Home
RSS Feed
