You can configure it either to block potential attacks and log the results to the Unix syslog, or to allow the issues to occur and only log the events.
You can control the Suhosin default values in your php.ini file.
Some PHP applications use an enormous number of POST variables, so the default value (200) is probably too low. As I have explained to my co-worker, getting rid of the plug-in because your script uses too many POST variables is probably not the best solution.
The solution in that event is to raise the maximum request and POST variable limits.
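A php.ini fragment for the two settings discussed above, log-only mode and raised variable limits, added here as an example (it is not from the original post or from the Suhosin project's shipped configuration). The value 1000 is an assumed figure; size it to the largest form your application legitimately submits.

```ini
[suhosin]
; Log-only ("simulation") mode: violations are logged but the request is
; not blocked. Use it while tuning limits, then set it back to Off so that
; Suhosin enforces again.
suhosin.simulation = On

; Raise the variable caps instead of removing the extension.
; The post cites a default of 200; 1000 is an assumed value.
suhosin.post.max_vars = 1000

; The request-wide cap counts variables from every source (GET, POST and
; cookies), so keep it at least as high as the POST cap or it will trip
; first and the POST setting will have no effect.
suhosin.request.max_vars = 1000
```

Watch the syslog entries while simulation mode is on: once legitimate forms stop generating alerts, switch `suhosin.simulation` back to `Off`.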
You can also tell Suhosin, when it encounters a possible attack, to run a different script or issue an HTTP redirect instead. Perhaps something like this:
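(php.ini entry)
[suhosin]
; The leading "302," (HTTP status code) is optional; the brackets in the
; Suhosin documentation mark it as optional and are not typed literally.
suhosin.filter.action = 302,http://www.youtube.com/watch?v=Yu_moia-oVI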
As you can see this has a number of interesting possibilities.
If you are interested in PHP and AMP (OAMP, LAMP, etc.) technologies, see also:
The hardened PHP project:
http://www.hardened-php.net/suhosin/
Ax0n's OAMP (Apache, Mysql, PHP on OpenBSD) Article:
http://www.h-i-r.net/2008/12/sysadmin-sunday-amp-on-openbsd-44.html
Asmodian X's Name based hosting mini-howto:
http://www.h-i-r.net/2008/10/sysadmin-sunday-apache-name-based.html
The PHP main website:
http://www.php.net/
The Apache webserver website:
http://httpd.apache.org/
The redirect probably needs to be pointed to a different PHP script with a header change or a meta-refresh to whatever website you want. It apparently is sensitive to GET variables.
suhosin.filter.action=/var/www/redir.php
where redir.php contains:
<META http-equiv="refresh" content="0;URL=http://www.youtube.com/watch?v=Yu_moia-oVI">