1

I am having a problem with Suhosin and PhpMyAdmin on the same server. When reading the docs: phpmyadmin.net is states that I should overrite the settings for phpmyadmin eg "suhosin.request.max_vars". Where would I put this?

In my apapche2/conf.d/phpmyadmin.conf

# Note: Please refer to /etc/apache2/sites-available/default-ssl for SSL/TLS setting.
#Alias /phpmyadmin "/usr/share/apache2/phpmyadmin/"
#Alias /mysql "/usr/share/apache2/phpmyadmin/"
<Directory "/usr/share/apache2/phpmyadmin/">
    Options -Indexes
</Directory>

default-ssl

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/site/public
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/ssl_access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    # Removed SSL config 

Alias /phpmyadmin /usr/share/apache2/phpmyadmin/
</VirtualHost>
</IfModule>
John Magnolia
  • 16,769
  • 36
  • 159
  • 270

2 Answers2

3

Figured it out and this may help anybody else:

<Directory "/usr/share/apache2/phpmyadmin/">
Options -Indexes

<IfModule mod_php5.c>
    php_value suhosin.request.max_vars 2048
    php_value suhosin.request.max_value_length 1000000
    php_value suhosin.request.max_array_index_length 256
    php_value suhosin.request.max_totalname_length 8192
    php_value suhosin.post.max_vars 2048
    php_value suhosin.post.max_array_index_length 256
    php_value suhosin.post.max_totalname_length 8192
    php_value suhosin.post.max_value_length 1000000
    php_flag suhosin.sql.bailout_on_error Off
    php_value suhosin.log.file 0
    php_value suhosin.log.phpscript 0
    php_flag suhosin.log.phpscript.is_safe Off
    php_value suhosin.log.sapi 0
    php_value suhosin.log.script 0
    php_flag suhosin.log.use-x-forwarded-for Off
    </IfModule>
</Directory>
John Magnolia
  • 16,769
  • 36
  • 159
  • 270
2

These actually belong in /etc/php5/conf.d/suhosin.ini

and can be limited to following statements ( as the others are default )

suhosin.request.max_vars=2048
suhosin.post.max_vars=2048
suhosin.request.max_array_index_length=256
suhosin.post.max_array_index_length=256
suhosin.request.max_totalname_length=8192
suhosin.post.max_totalname_length=8192
Djamu
  • 91
  • 2
  • When I tried this I get: Invalid command 'suhosin.request.max_vars=2048', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. failed! – John Magnolia Jan 19 '12 at 21:54