suhosin中大量的请求变量名长度错误 - lots of request variable name length errors in suhosin

lots of request variable name length errors in suhosin

本文关键字：变量名错误请求 suhosin | 更新日期: 2023-09-27

我在/var/log/messages中得到了很多suhosin错误

Dec 22 06:28:12 server suhosin[4637]: ALERT - configured request variable name length limit exceeded - dropped variable '66583-((-....-..................-....-__-......-................-......-............-........-......-''__-))' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')
Dec 22 06:28:14 server suhosin[4620]: ALERT - configured request variable name length limit exceeded - dropped variable '125055-........-..............-............-Zombie-Driftwood-2010-DVDrip-..........-............-......-18-............-......-........-............' (attacker '127.0.0.1', file '/home/user/public_html/vb/showthread.php')

这是我在php.ini文件中的suhosin配置

[suhosin]
suhosin.cookie.encrypt = Off
suhosin.request.max_vars = 10000
suhosin.request.max_value_length = 65000
suhosin.post.max_vars = 10000
suhosin.post.max_value_length = 5000
suhosin.get.max_vars = 10000
suhosin.get.max_value_length = 10000
suhosin.memory_limit = 128M

那么我如何解决这个问题呢?我试着提高上面所有的值，但它也不起作用

我得到了同样的错误。为了修复它，我编辑了/etc/php.d/suhosin.ini。首先我修改了

suhosin.request.max_varname_length = 64

suhosin.request.max_varname_length = 128

但是这并没有修复它，它只是微妙地改变了错误消息(注意关于GET而不是请求的抱怨):

Feb 22 17:07:04 <servern name> suhosin[23389]: ALERT - configured GET variable name length limit exceeded - dropped variable '/mehul_bakrania/feedback/personal_coach_and_peak_performance_trai/159296' (attacker '<ip address>', file <file path>')

所以我改成:

suhosin.get.max_name_length = 64

suhosin.get.max_name_length = 128

我的问题就解决了。我选择128是因为我注意到导致问题的URL大约有70个字符长。

你可以试试:

suhosin.get.max_name_length (default 64)
suhosin.post.max_name_length (default 64)
suhosin.request.max_varname_length (default 64)