I use following PHP function:
file_get_contents(\'http://example.com\');
Whenever I do this on a certain server, the result is empty. When I do
The answers provided above solve the problem but don't explain the strange behaviour the OP described. This explanation should help anyone testing communication between sites in a development environment where these sites all reside on the same host (and the same virtualhost; I'm working with apache 2.4 and php7.0).
There's a subtlety with file_get_contents()
I came across that is absolutely relevant here but unaddressed (probably because it's either barely documented or not documented from what I can tell or is documented in an obscure php security model whitepaper I can't find).
With allow_url_fopen
set to Off
in all relevant contexts (e.g. /etc/php/7.0/apache2/php.ini
, /etc/php/7.0/fpm/php.ini
, etc...) and allow_url_fopen
set to On
in the command line context (i.e. /etc/php/7.0/cli/php.ini
), calls to file_get_contents()
for a local resource will be allowed and no warning will be logged such as:
file_get_contents('php://input');
or
// Path outside document root that webserver user agent has permission to read. e.g. for an apache2 webserver this user agent might be www-data so a file at /etc/php/7.0/filetoaccess would be successfully read if www-data had permission to read this file
file_get_contents('<file path to file on local machine user agent can access>');
or
// Relative path in same document root
file_get_contents('data/filename.dat')
To conclude, the restriction allow_url_fopen = Off
is analogous to an iptables
rule in the OUTPUT
chain, where the restriction is only applied when an attempt to "exit the system" or "change contexts" is made.
N.B. allow_url_fopen
set to On
in the command line context (i.e. /etc/php/7.0/cli/php.ini
) is what I had on my system but I suspect it would have no bearing on the explanation I provided even if it were set to Off
unless of course you're testing by running your scripts from the command line itself. I did not test the behaviour with allow_url_fopen
set to Off
in the command line context.