suhosin-errors

Post by **Lux** » Mon Apr 23, 2012 10:11 am

Hi!

How long shall the variables be (and how is the corresponding suhosin parameter called)?

Apr 23 09:08:34 rico suhosin[17309]: ALERT - configured request variable name length limit exceeded - dropped variable '/plugin/cachedAvatar_95f70358f16ee23f5d3c5a62db2fd416_49da80dd0232882bee8b791976924f73_e55be2a1302751c8eb666fe48ad6e09f' (attacker '217.86.146.99', file '/srv/www/deimeke.net/dirk/blog/index.php')

Thanks for any hint.

Dirk

Timbalu · Post by **Timbalu** » Mon Apr 23, 2012 10:41 am

You need to test...

suhosin.get.max_name_length (default 64)
suhosin.post.max_name_length (default 64)
suhosin.request.max_varname_length (default 64)

Post by **Lux** » Mon Apr 23, 2012 11:02 am

Timbalu wrote:You need to test...

suhosin.get.max_name_length (default 64)
suhosin.post.max_name_length (default 64)
suhosin.request.max_varname_length (default 64)

Thanks!

I raised them to 1024.

Will see what happens.

Cheers

Dirk

Timbalu · Post by **Timbalu** » Mon Apr 23, 2012 4:28 pm

Lux wrote:I raised them to 1024.

This makes the use of suhosin tracking request userdata obsolet, I suppose.

This avatar url is very long, does it really need to?

Post by **Lux** » Mon Apr 23, 2012 4:36 pm

Timbalu wrote:
Lux wrote:I raised them to 1024.
This makes the use of suhosin tracking request userdata obsolet, I suppose.

Agreed!

Timbalu wrote:This avatar url is very long, does it really need to?

Up to the developpers.

This one URL was only an example, I got about 90 errors per hour.

Cheers

Dirk

suhosin-errors

suhosin-errors

Re: suhosin-errors

Re: suhosin-errors

Re: suhosin-errors

Re: suhosin-errors