Allow_url_fopen Workaround
Jul 6, 2007I wouldn't like to disable allow_url_fopen on my servers, because some scripts depends on that but it's getting very common to see scripts being abused because of this feature
any ideas on how to at least log its usage, so it's easier to detect who caused the exploitation (usually for SPAM or shell)? I though about a "=http://" mod_security filter
but maybe (I hope) there a better way