I'm getting a bunch of false positive errors : colo suhosin[3013]: ALERT - configured request variable name length limit exceeded - dropped variable
Is there a way for me to prevent this from occurring? Thanks
Suhosin False Positive
-
mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Suhosin False Positive
(suhosin is not part of ASL, so this post has been moved from the ASL forums)
You will need to configure suhosin for your system to prevent false positives. By default suhosin restricts a lot of things, so you will likely need to change a lot more than this:
suhosin.request.max_varname_length
You need to set it as high as necessary for your system. Example:
suhosin.request.max_varname_length = 128
But you'll probably run into a lot more restrictions form suhosin, like GET variable limits and so on. In short, you need to really tune suhosin for your system or expect more false positives, or disable it.
You will need to configure suhosin for your system to prevent false positives. By default suhosin restricts a lot of things, so you will likely need to change a lot more than this:
suhosin.request.max_varname_length
You need to set it as high as necessary for your system. Example:
suhosin.request.max_varname_length = 128
But you'll probably run into a lot more restrictions form suhosin, like GET variable limits and so on. In short, you need to really tune suhosin for your system or expect more false positives, or disable it.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone