I intsall the plugin Securityinfo. When i check the different item of the secutity plugin, it mentione this :
“allow_url_include is enabled. This could be a serious security risk. You should disable allow_url_include and consider using the [PHP cURL functions] instead.”
My question How disable allow-url-include ?
Must I create an ini.php file at the root of the matomo database
Should I modify the config.ini.php in the config folder of matomo? And at what level? In the GENERAL tab?
I’m a little bit confused
allow_url_include is a PHP function and if you want PHP to disallow this function, you have to change your PHP configuration (this has nothing to do with Matomo).
How you do this depends totally on how you have set up PHP. If you are e.g. using php-fpm on an Ubuntu or Debian server, you have to edit sudoedit /etc/php/7.4/fpm/php.ini. If you have a Windows server you have to look for the php.ini file where you installed PHP. And if you have not set up your PHP setup yourself, but let someone else do that you have to ask them how they support changing the PHP configuration for you.