lots of request variable name length errors in suhosin

iLinux85 · Dec 22, 2011 · Viewed 16.8k times

I got a lot of suhosin errors in my /var/log/messages

Dec 22 06:28:12 server suhosin[4637]: ALERT - configured request variable name length limit exceeded - dropped variable '66583-((-....-..................-....-__-......-................-......-............-........-......-\\__-))' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')
Dec 22 06:28:14 server suhosin[4620]: ALERT - configured request variable name length limit exceeded - dropped variable '125055-........-..............-............-Zombie-Driftwood-2010-DVDrip-..........-............-......-18-............-......-........-............' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')

Here is my suhosin configuration in php.ini file

[suhosin]
suhosin.cookie.encrypt = Off
suhosin.request.max_vars = 10000
suhosin.request.max_value_length = 65000
suhosin.post.max_vars = 10000
suhosin.post.max_value_length = 5000
suhosin.get.max_vars = 10000
suhosin.get.max_value_length = 10000
suhosin.memory_limit = 128M

So how can I fix that issue? I tried to raise all the values above, but that didn't work either.

Answer

Tom · Feb 22, 2012

I got the same error. To fix it I edited /etc/php.d/suhosin.ini. First I changed

suhosin.request.max_varname_length = 64

to

suhosin.request.max_varname_length = 128

But this didn't fix it, it just changed the error message subtly (Note the complaint about the GET instead of the request):

Feb 22 17:07:04 <servern name> suhosin[23389]: ALERT - configured GET variable name length limit exceeded - dropped variable '/mehul_bakrania/feedback/personal_coach_and_peak_performance_trai/159296' (attacker '<ip address>', file <file path>') 

So then I changed:

suhosin.get.max_name_length = 64

to

suhosin.get.max_name_length = 128

Then my problem was fixed. I chose 128 because I noticed the URL that was causing the issue was about 70 characters long.
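
An added example, not part of the answer above: before choosing a new limit, the longest dropped name can be measured from the alerts themselves, per limit type. This Python sketch parses the alert format quoted on this page; the sample lines are constructed, and the names summarize, DIRECTIVE and SAMPLE are assumptions of the example.

```python
import re
from collections import defaultdict

# Limit type in the ALERT text -> php.ini directive named on this page.
DIRECTIVE = {
    "request": "suhosin.request.max_varname_length",
    "GET": "suhosin.get.max_name_length",
}

# The name is client-controlled and may contain quotes or parentheses, so the
# greedy (.*) anchors on the LAST "' (attacker '", the one Suhosin appended.
ALERT_RE = re.compile(
    r"suhosin\[\d+\]: ALERT - configured (\w+) variable name length limit "
    r"exceeded - dropped variable '(.*)' \(attacker '([^']*)', file '?([^')]*)"
)

def summarize(lines):
    """Group alerts by limit type: count, longest dropped name, sources, files."""
    out = defaultdict(lambda: {"count": 0, "max_len": 0,
                               "sources": set(), "files": set()})
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a variable-name-length alert
        kind, name, src, path = m.groups()
        row = out[kind]
        row["count"] += 1
        row["max_len"] = max(row["max_len"], len(name))
        row["sources"].add(src)
        row["files"].add(path)
        row["directive"] = DIRECTIVE.get(kind, "unknown (not named on this page)")
    return dict(out)

# Constructed sample lines in the format of the alerts quoted above.
_FMT = ("Dec 22 06:28:12 server suhosin[4637]: ALERT - configured {} variable "
        "name length limit exceeded - dropped variable '{}' "
        "(attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')")
SAMPLE = [
    _FMT.format("request", "66583-((" + "-x" * 35 + "))"),  # 80-char name
    _FMT.format("GET", "125055-" + "thread-title-" * 6),     # 85-char name
    _FMT.format("GET", "short' (attacker 'spoof"),           # quote inside name
    "Dec 22 06:28:15 server sshd[99]: unrelated line",
]

if __name__ == "__main__":
    for kind, row in summarize(SAMPLE).items():
        print(f"{kind}: {row['count']} alerts, longest name {row['max_len']} chars"
              f" -> review {row['directive']}; sources {sorted(row['sources'])}")
```

Grouping by limit type shows both directives at once, which avoids the second round of edits described in the answer; the sources and files sets show which scripts and which reported addresses produce the long names.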