
Mailing List Archive: Cherokee: users

Large POST forms not fully processed

 

 



bradezone at gmail

Feb 7, 2012, 1:57 PM

Post #1 of 3 (378 views)
Large POST forms not fully processed

When I have a very large form and post it to the server, cherokee seems to be
giving up before accepting the whole form. And it gives up very early, like
3 or 4 seconds. I am developing a CakePHP app and doing a "debug" w/ the
POST data and it's only spitting out the first 30 or so arrays of values
when there are closer to 150, and it cuts off the last one mid-stream, so I
assume there is some sort of memory limit (apparently small) on how much
data can be sent via POST to cherokee. Any way I can fix this? This is quite
a deal-breaker right now for one of our sites.

BTW thanks for all the help so far, everyone. Right now this seems to be
the final major issue remaining for me w/ Cherokee.

--
View this message in context: http://cherokee-web-server-general.1049476.n5.nabble.com/Large-POST-forms-not-fully-processed-tp5464749p5464749.html
Sent from the Cherokee Web Server - General mailing list archive at Nabble.com.
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee


bradezone at gmail

Feb 7, 2012, 2:34 PM

Post #2 of 3 (360 views)
Re: Large POST forms not fully processed

Wow, finally figured it out--it's not a cherokee issue. It's these Suhosin
PHP settings:

suhosin.post.max_vars
suhosin.request.max_vars

Apparently each array element in the $_POST data (no matter the depth)
counts as one variable, so I needed to bump this WAY up from the default 200
(I set mine at 50000 just to be safe).



lists at dan

Feb 7, 2012, 3:42 PM

Post #3 of 3 (363 views)
Re: Large POST forms not fully processed

Be careful with that setting - You may be making yourself vulnerable to DoS
attacks via hash collisions. See
http://isc.sans.edu/diary.html?storyid=12286 and
http://www.phpclasses.org/blog/post/171-PHP-Vulnerability-May-Halt-Millions-of-Servers.html
.

PHP 5.3.9 added a "max_input_vars" setting that essentially does the same
thing as the Suhosin setting. However, the PHP setting only applies at each
level of an array. So, you can have x post variables (including arrays),
and each array can have x values inside it. It sounded like Suhosin has a
global limit, counting every level of the array in the count. Once you're
on PHP 5.3.10, I'd suggest setting PHP's "max_input_vars" setting to
protect yourself against the hash collision DoS attacks.

- Daniel

On Wed, Feb 8, 2012 at 9:34 AM, Brade <bradezone [at] gmail> wrote:

> Wow, finally figured it out--it's not a cherokee issue. It's these Suhosin
> PHP settings:
>
> suhosin.post.max_vars
> suhosin.request.max_vars
>
> Apparently each array element in the $_POST data (no matter the depth)
> counts as one variable, so I needed to bump this WAY up from the default
> 200
> (I set mine at 50000 just to be safe).
>
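
An added example (not part of the thread, and not Suhosin's or PHP's own code): a Python helper that counts the variables in a urlencoded POST body in the two ways the replies above describe, a global count of every value (Suhosin, as Brade describes it) and the widest single array level (max_input_vars, as Daniel describes it), so a limit can be sized from real forms instead of raised blindly. The function names and the `data[Item][n][field]` sample body are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode

def key_path(name):
    """Split a PHP-style field name such as 'data[Item][0][name]' into its keys."""
    base, bracket, rest = name.partition("[")
    return [base] + (re.findall(r"\[([^\]]*)\]", bracket + rest) if bracket else [])

def _widest(node):
    """Largest number of keys held by any single array level."""
    children = [v for v in node.values() if isinstance(v, dict)]
    return max([len(node)] + [_widest(c) for c in children])

def count_post_vars(body):
    """Return (total_values, widest_level) for a urlencoded POST body."""
    tree, total = {}, 0
    for name, _value in parse_qsl(body, keep_blank_values=True):
        node, path = tree, key_path(name)
        for part in path[:-1]:
            part = part or str(len(node))        # 'x[]' appends a new index
            child = node.get(part)
            if not isinstance(child, dict):      # scalar replaced by an array
                child = node[part] = {}
            node = child
        node[path[-1] or str(len(node))] = None  # leaf value
        total += 1                               # every value counts globally
    return total, _widest(tree)

def exceeds(body, global_limit, per_level_limit):
    """Report which style of limit this body would run into."""
    total, widest = count_post_vars(body)
    return {"global": total > global_limit, "per_level": widest > per_level_limit}

# Constructed sample: a form with 40 rows of 6 fields each.
SAMPLE = urlencode([(f"data[Item][{r}][f{c}]", "x")
                    for r in range(40) for c in range(6)])

if __name__ == "__main__":
    print(count_post_vars(SAMPLE))
    # 200 is the default quoted in the thread; reused here for both styles.
    print(exceeds(SAMPLE, 200, 200))
```

On the sample, the global count passes 200 while no single array level holds more than 40 keys, which is why a per-level limit can stay low for a form that needs a much higher global one.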
