1
jcera
setting allow_url_fopen to off in httpd.conf
  • 2007/1/26 18:56

  • jcera

  • Just popping in

  • Posts: 72

  • Since: 2004/6/5 6


I just want to know if there's anything else missing from the code that was provided in the Security Advisory page.

It gave the following example to put into the httpd.conf file:

php_admin_flag allow_url_fopen off

I did place this in the config file but my Security advisory still says that this file is still not secure...has anyone encountered the same trouble? Is there anything else I need to add aside from the script above?

2
vaughan
Re: setting allow_url_fopen to off in httpd.conf
  • 2007/1/26 22:03

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


you didn't read the advisory correctly.

it doesn't say to enter it in httpd.conf you disable it in php.ini

or create an htaccess file (providing you aren't runnin php in cgi mode or phpsuexec)

Login

Who's Online

445 user(s) are online (374 user(s) are browsing Support Forums)


Members: 0


Guests: 445


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits