Mailing List Archive

Large POST forms not fully processed
When I have a very large form and post it to the server, Cherokee seems to be
giving up before accepting the whole form. And it gives up very early, like
3 or 4 seconds. I am developing a CakePHP app and doing a "debug" w/ the
POST data and it's only spitting out the first 30 or so arrays of values
when there are closer to 150, and it cuts off the last one mid-stream, so I
assume there is some sort of memory limit (apparently small) on how much
data can be sent via POST to Cherokee. Any way I can fix this? This is quite
a deal-breaker right now for one of our sites.

BTW thanks for all the help so far, everyone. Right now this seems to be
the final major issue remaining for me w/ Cherokee.

--
View this message in context: http://cherokee-web-server-general.1049476.n5.nabble.com/Large-POST-forms-not-fully-processed-tp5464749p5464749.html
Sent from the Cherokee Web Server - General mailing list archive at Nabble.com.
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee
Re: Large POST forms not fully processed
Wow, finally figured it out--it's not a Cherokee issue. It's these Suhosin
PHP settings:

suhosin.post.max_vars
suhosin.request.max_vars

Apparently each array element in the $_POST data (no matter the depth)
counts as one variable, so I needed to bump this WAY up from the default 200
(I set mine at 50000 just to be safe).

Re: Large POST forms not fully processed
Be careful with that setting - you may be making yourself vulnerable to DoS
attacks via hash collisions. See
http://isc.sans.edu/diary.html?storyid=12286 and
http://www.phpclasses.org/blog/post/171-PHP-Vulnerability-May-Halt-Millions-of-Servers.html.

PHP 5.3.9 added a "max_input_vars" setting that essentially does the same
thing as the Suhosin setting. However, the PHP setting only applies at each
level of an array. So, you can have x post variables (including arrays),
and each array can have x values inside it. It sounded like Suhosin has a
global limit, counting every level of the array in the count. Once you're
on PHP 5.3.10, I'd suggest setting PHP's "max_input_vars" setting to
protect yourself against the hash collision DoS attacks.

- Daniel

On Wed, Feb 8, 2012 at 9:34 AM, Brade <bradezone@gmail.com> wrote:

> Wow, finally figured it out--it's not a cherokee issue. It's these Suhosin
> PHP settings:
>
> suhosin.post.max_vars
> suhosin.request.max_vars
>
> Apparently each array element in the $_POST data (no matter the depth)
> counts as one variable, so I needed to bump this WAY up from the default
> 200
> (I set mine at 50000 just to be safe).
>
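
To size these limits from what a form actually sends, instead of picking a very large number, the raw urlencoded body can be measured offline. The following is an added example, not code from the thread or from PHP/Suhosin: it counts a body both ways as the thread describes them (every value at any depth, versus the largest number of entries in any single array level). The function names are hypothetical, the sample body is constructed, the `[]` handling is simplified, and the limit of 200 is the default mentioned above.

```python
import re
from urllib.parse import parse_qsl, urlencode

NAME_RE = re.compile(r"^([^\[\]]+)((?:\[[^\[\]]*\])*)$")

def key_path(name):
    """Split a PHP-style field name like data[Item][3][qty] into its path."""
    m = NAME_RE.match(name)
    if not m:
        return [name]                      # not bracket syntax: flat name
    return [m.group(1)] + re.findall(r"\[([^\[\]]*)\]", m.group(2))

def build_tree(body):
    """Rebuild the nested structure of a urlencoded body with no limit applied."""
    root = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        node, path = root, key_path(name)
        for seg in path[:-1]:
            if seg == "":
                seg = str(len(node))       # "[]" appends (simplified indexing)
            child = node.get(seg)
            if not isinstance(child, dict):
                child = node[seg] = {}
            node = child
        last = path[-1]
        node[str(len(node)) if last == "" else last] = value
    return root

def measure(tree):
    """Return (values at all depths, largest entry count of any one array)."""
    total, widest = 0, len(tree)
    for child in tree.values():
        if isinstance(child, dict):
            t, w = measure(child)
            total, widest = total + t, max(widest, w)
        else:
            total += 1
    return total, widest

def report(body, limit):
    """Compare one body against a limit under both counting rules."""
    total, widest = measure(build_tree(body))
    return {"total": total, "widest_level": widest,
            "over_global_limit": total > limit,
            "over_per_level_limit": widest > limit}

# Constructed sample: 150 rows of 6 fields, named the way a nested form posts them.
SAMPLE = urlencode([(f"data[Item][{r}][f{c}]", "x")
                    for r in range(150) for c in range(6)])

if __name__ == "__main__":
    print(report(SAMPLE, 200))
```

Run against captured request bodies from the real form, the two numbers show how much headroom each kind of limit needs; with the constructed sample, a limit of 200 is exceeded only under the count-everything rule.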