This article specifically show how to enable the option ‘allow_url_include’ for PHP settings. Basically, it is just a normal setting in PHP. It is important since some applications may need to enable this option setting. One of the example is the DVWA application. The following is the image of the DVWA application installation step :
As in the above image, there is an option with the name of ‘allow_url_fopen’ where it is currenty is disabled. In order to enable the option, there are few steps for enabling it. The following are the steps for enabling the option with the name of ‘allow_url_fopen’ :
1. Find the correct PHP file configuration. Normally, the file name is ‘php.ini’. Not just a regular ‘php.ini’ file, but make sure that the file is the right file. It is the one that the Web Application Server take as the reference for executing PHP-based web application. For an example, in this article context, it is available at ‘/etc/php/7.2/apache2/php.ini’.
2. Edit the file mentioned in the previous step. Search the following entry :
allow_url_include = Off
Change it to the following entry. Furthermore, if the entry itself is not exist, just add the entry :
allow_url_include = On
3. Save the file after editing it.
4. Finally, don’t forget to restart the Web Application Server. Normally, the restart process is a root privilege, so execute it in ‘root’ account. It is a must in order to make the Web Application Server implement and use the edited PHP configuration file. For an example, in this article context, since the Web Application Server is Apache Webserver, the command for restarting the service is as follows :
root@hostname:~# systemctl restart apache2 root@hostname:~#