I got a lot of suhosin errors in my /var/log/messages
Dec 22 06:28:12 server suhosin[4637]: ALERT - configured request variable name length limit exceeded - dropped variable '66583-((-....-..................-....-__-......-................-......-............-........-......-\\__-))' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')
Dec 22 06:28:14 server suhosin[4620]: ALERT - configured request variable name length limit exceeded - dropped variable '125055-........-..............-............-Zombie-Driftwood-2010-DVDrip-..........-............-......-18-............-......-........-............' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')
Here is my suhosin configuration in php.ini
file
[suhosin]
suhosin.cookie.encrypt = Off
suhosin.request.max_vars = 10000
suhosin.request.max_value_length = 65000
suhosin.post.max_vars = 10000
suhosin.post.max_value_length = 5000
suhosin.get.max_vars = 10000
suhosin.get.max_value_length = 10000
suhosin.memory_limit = 128M
So how can I fix that issue? I tried to raise all the values above but it didn't work also.
I got the same error. To fix it i edited /etc/php.d/suhosin.ini
. First I changed
suhosin.request.max_varname_length = 64
to
suhosin.request.max_varname_length = 128
But this didn't fix it, it just changed the error message subtly (Note the complaint about the GET instead of the request):
Feb 22 17:07:04 <servern name> suhosin[23389]: ALERT - configured GET variable name length limit exceeded - dropped variable '/mehul_bakrania/feedback/personal_coach_and_peak_performance_trai/159296' (attacker '<ip address>', file <file path>')
So then I changed:
suhosin.get.max_name_length = 64
to
suhosin.get.max_name_length = 128
Then my problem was fixed. I chosse 128 because I noticed the URL that was causing the issue was about 70 characters long.