Suhosin per-URL exceptions?

Posted by STATUS_ACCESS_DENIED on Server Fault See other posts from Server Fault or by STATUS_ACCESS_DENIED
Published on 2011-09-30T17:26:14Z Indexed on 2012/06/18 9:18 UTC
Read the original article Hit count: 195

Filed under:
|
|
|

I am using SimpleID as my OpenID provider and it turns out that if I log on via pages like those on StackExchange, one of the parameters of the GET request gets dropped by Suhosin. The name of the variable is s and I presume it's responsible for the "return to URL" part after login.

All of this is not a problem as long as I am already logged into SimpleID from before. However, as soon as the site on which I want to log in via OpenID ends up at the login screen of SimpleID, the redirect back to the site I came from does not work anymore due to the dropped variable.

Is there a method to configure either on a per-virtual-host or per-URL basis to ignore the maximum length for GET requests with a parameter s exceeding the (globally) set limit?

I'm using Apache 2.2, so I was wondering whether a mechanism similar to setting the PHP ini variables from within the server configuration exists for Suhosin.

© Server Fault or respective owner

Related posts about php

Related posts about apache2