php ini allow_url_include

Whether to allow include/require to open URLs (like http:// or ftp://) as files.The many security researchers recommend disabling the php.ini directive allow_url_include in PHP installations.

allow_url_include = Off

Unfortunately most people recommending this are unaware that this will break lots of applications and is not a 100% solution to stop remote URL includes and therefore INSECURE.





Content