Halaman

Selasa, 16 Agustus 2011

ALERT - configured POST variable limit exceeded

This afternoon my phone rings, the caller said that the data is already inputted was not saved.
I did a verbal check on him and because he is so confident with the situation, I said that I would check the system.

I check the server and see the error log.
# tail-f /var/log/httpd-error.log

[Tue Aug 16 12:15:12 2011] [error] [client xxx.xxx.xxx.xxx] ALERT - configured POST variable limit exceeded - dropped variable 'item_desc' (attacker 'xxx.xxx.xxx.xxx', file '/usr/ local / www / MyHome / myprg.php'), referer: http://mywww.com/myhome/myprg.php?pk=921664e4a696167707570706664466830332b4a4a2b384330324a6c75473438

It's definitely about the use of a variable that exceeds the limitations set.
After seeing this (I use PHP with Suhosin-Patch), I change configuration file /usr/local/etc/php.ini and add these two lines

suhosin.post.max_vars = 400
suhosin.request.max_vars = 400

then restart apache.

# /usr/local/sbin/apachectl stop
# /usr/local/sbin/apachectl graceful

then it works.

Thanks world!

Tidak ada komentar:

Posting Komentar