Suhosin per-URL exceptions?
Posted
by
STATUS_ACCESS_DENIED
on Server Fault
See other posts from Server Fault
or by STATUS_ACCESS_DENIED
Published on 2011-09-30T17:26:14Z
Indexed on
2012/06/18
9:18 UTC
Read the original article
Hit count: 195
I am using SimpleID as my OpenID provider and it turns out that if I log on via pages like those on StackExchange, one of the parameters of the GET request gets dropped by Suhosin. The name of the variable is s
and I presume it's responsible for the "return to URL" part after login.
All of this is not a problem as long as I am already logged into SimpleID from before. However, as soon as the site on which I want to log in via OpenID ends up at the login screen of SimpleID, the redirect back to the site I came from does not work anymore due to the dropped variable.
Is there a method to configure either on a per-virtual-host or per-URL basis to ignore the maximum length for GET requests with a parameter s
exceeding the (globally) set limit?
I'm using Apache 2.2, so I was wondering whether a mechanism similar to setting the PHP ini variables from within the server configuration exists for Suhosin.
© Server Fault or respective owner