Page 1 of 1
Suhosin False Positive
Posted: Mon Jun 11, 2012 12:22 pm
by adrianwa
I'm getting a bunch of false positive errors : colo suhosin[3013]: ALERT - configured request variable name length limit exceeded - dropped variable
Is there a way for me to prevent this from occurring? Thanks
Re: Suhosin False Positive
Posted: Mon Jun 11, 2012 12:58 pm
by mikeshinn
(suhosin is not part of ASL, so this post has been moved from the ASL forums)
You will need to configure suhosin for your system to prevent false positives. By default suhosin restricts a lot of things, so you will likely need to change a lot more than this:
suhosin.request.max_varname_length
You need to set it as high as necessary for your system. Example:
suhosin.request.max_varname_length = 128
But you'll probably run into a lot more restrictions form suhosin, like GET variable limits and so on. In short, you need to really tune suhosin for your system or expect more false positives, or disable it.