2008-12-23

Asmodian's Workbench: Suhosin Hardened PHP extension and patch.

Suhosin is a plug-in (extension) for PHP plus a patch to the PHP core, maintained by the Hardened PHP project. It applies a whitelist-style filter to incoming requests: only what the configured rules allow gets through. It stops a pile of PHP attacks before they reach your code, such as buffer overflows in the engine and certain kinds of injection. You can find it at the Hardened PHP project web page. It ships with a number of default limits, one of which caps the number of variables that may be posted or otherwise submitted with a request.

You can configure it to block potential attacks and log the results to the Unix syslog, or to run in simulation mode (suhosin.simulation = On), where it lets the request through and only logs what it would have blocked.

Suhosin's default values can be overridden in your php.ini file.

Some PHP applications use an enormous number of POST variables, so the default limit (200) is probably too low. As I explained to a co-worker, getting rid of the extension because your script uses too many POST variables is not the right solution.

The solution in that case is to raise the maximum number of request and POST variables (suhosin.request.max_vars and suhosin.post.max_vars) to what the application actually needs.

You can also tell Suhosin, when it encounters a possible attack, to run a different script or issue an HTTP redirect instead. For example, something like this:
(php.ini entry)

[suhosin]
suhosin.filter.action=[302,]http://www.youtube.com/watch?v=Yu_moia-oVI

As you can see, this opens up a number of interesting possibilities.
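As an added example (not code from the original post), here is the same idea with the filter action pointed at a local script instead of a bare URL, which Suhosin also accepts: the script logs the blocked request to syslog and then issues the redirect itself with a Location header, so the target URL and its query string are handled by PHP rather than by Suhosin's parsing of the ini value. The path /var/www/blocked.php, the raised limits, the syslog facility and the log format are assumptions; the example also assumes Suhosin runs the file in place of the requested script with $_SERVER populated as usual. It is written for the PHP 5 series that Suhosin targets, so it avoids newer syntax.

```php
<?php
/*
 * blocked.php - handler script run by Suhosin instead of the requested
 * script when its input filter rejects a request (for example, more POST
 * or request variables than allowed). Added example, not from the post.
 *
 * Assumed php.ini entries (limits and path are illustrative):
 *
 *   [suhosin]
 *   suhosin.post.max_vars    = 1000
 *   suhosin.request.max_vars = 1000
 *   suhosin.filter.action    = /var/www/blocked.php
 *   ; while tuning the limits, suhosin.simulation = On logs without blocking
 */

// Fixed redirect target. Never derive this from the request, or the
// handler itself becomes an open redirect.
define('BLOCKED_REDIRECT_URL', 'http://www.youtube.com/watch?v=Yu_moia-oVI');

/*
 * Build one syslog line describing the blocked request.
 * A pure function of $server so it can be checked from the CLI.
 */
function blocked_log_line(array $server)
{
    $keys  = array('REMOTE_ADDR', 'REQUEST_METHOD', 'REQUEST_URI', 'HTTP_USER_AGENT');
    $parts = array();
    foreach ($keys as $key) {
        $value = isset($server[$key]) ? $server[$key] : '-';
        // Replace control characters and quotes so a hostile User-Agent or
        // URI cannot forge extra log lines or break the key="value" layout.
        $value = preg_replace('/[\x00-\x1f\x7f"]/', '?', $value);
        // Keep the line bounded; syslog truncates long messages anyway.
        $parts[] = strtolower($key) . '="' . substr($value, 0, 256) . '"';
    }
    return 'suhosin filter action: ' . implode(' ', $parts);
}

/*
 * Log the event and send the redirect. Nothing from the rejected request
 * is echoed back, and the application itself is never executed.
 */
function blocked_respond(array $server)
{
    openlog('suhosin-block', LOG_PID, LOG_AUTH);   // facility is an assumption
    syslog(LOG_WARNING, blocked_log_line($server));
    closelog();

    if (!headers_sent()) {
        header('Cache-Control: no-store');
        header('Location: ' . BLOCKED_REDIRECT_URL, true, 302);
    }
}

blocked_respond($_SERVER);
exit;
```

To exercise it, submit a form with more fields than suhosin.post.max_vars allows and watch syslog for the "suhosin filter action" line; a browser that receives the 302 after a POST follows it with a GET. If the redirect is only a joke for your own testing, a plain 403 from the same script is the more conventional response in production.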

If you are interested in PHP and AMP (OAMP, LAMP, etc.) technologies, see also:

The hardened PHP project:
http://www.hardened-php.net/suhosin/

Ax0n's OAMP (Apache, MySQL, PHP on OpenBSD) article:
http://www.h-i-r.net/2008/12/sysadmin-sunday-amp-on-openbsd-44.html

Asmodian X's Name based hosting mini-howto:
http://www.h-i-r.net/2008/10/sysadmin-sunday-apache-name-based.html

The PHP main website:
http://www.php.net/

The Apache webserver website:
http://httpd.apache.org/

1 comment:

  1. The redirect probably needs to be pointed to a different PHP script with a header change or a meta-refresh to whatever website you want. It apparently is sensitive to GET variables.

    suhosin.filter.action=/var/www/redir.php

    where redir.php contains:

    <meta http-equiv="refresh" content="0;URL=http://www.youtube.com/watch?v=Yu_moia-oVI">
