Colek Colek

Navigate

HomeTechnologyDebianHow to Fix Suhosin Error ‘ALERT – configured GET variable value length limit exceeded…’ on Debian Squeeze

How to Fix Suhosin Error ‘ALERT – configured GET variable value length limit exceeded…’ on Debian Squeeze

By kumkum February 25, 2012 5

PHP Suhosin is an open source patch for PHP5 to harden the servers security.

I found this Suhosin looping error message when checked on /var/log/user.log

# tail -f /var/log/user.log

Feb 25 07:28:39 rastavarian suhosin[444]: ALERT – configured GET variable value length limit exceeded – dropped variable ‘cookie’ (attacker ‘202.42.246.191’, file ‘/var/www/wp-admin/admin-ajax.php’)
Feb 25 07:28:40 rastavarian suhosin[442]: ALERT – configured GET variable value length limit exceeded – dropped variable ‘cookie’ (attacker ‘202.42.246.191’, file ‘/var/www/wp-admin/admin-ajax.php’)

To fix this, edit /etc/php5/conf.d/suhosin.ini

# nano /etc/php5/conf.d/suhosin.ini

And modify the following line, increase 64 to 128:

suhosin.get.max_name_length = 128
suhosin.post.max_name_length = 128
suhosin.request.max_varname_length = 128

Previous ArticleHow to Install Spamassasin, ClamAV, Amavis on Ubuntu / Debian Squeeze

Next Article How to Upgrade EHCP 0.30.4 to 0.30.6

5 Comments

Nadya on February 27, 2012 1:31 pm

om..artine pie om?

Reply
- kumkum on February 27, 2012 2:33 pm
  
  artinya, cara menanggulangi suhosin error “nilai variabel GET terlalu panjang” di linux debian versi squeeze
  🙂
  
  Reply
Frank Wiley on August 1, 2012 1:53 pm

Hello,

this:
# nano /etc/php5/conf.d/suhosin.ini

suhosin.get.max_name_length = 256
suhosin.post.max_name_length = 256
suhosin.request.max_varname_length = 256

works perfekt…

thank you very much for your dokumentation…

Greedings from Germany.
Frank Wiley

Reply
James on October 9, 2013 6:00 pm

Doesn’t this open security risks with buffer memory overflow attacks?

Reply