@anonymous-piwik-user opened this Issue on August 1st 2011

These log entries appear approx. 10-20 daily:

Jul 26 08:55:04 orange suhosin[5942]: ALERT - configured GET variable value length limit exceeded - dropped variable 'urlref' (attacker '175.145.217.174', file '/home/public_html/piwik/piwik.php')

Jul 26 08:55:04 orange suhosin[5942]: ALERT - configured GET variable value length limit exceeded - dropped variable '_ref' (attacker '175.145.217.174', file '/home/public_html/piwik/piwik.php')

Jul 26 08:55:12 orange suhosin[6186]: ALERT - configured GET variable value length limit exceeded - dropped variable '_ref' (attacker '175.145.217.174', file '/home/public_html/piwik/piwik.php')

Jul 26 08:55:28 orange suhosin[6304]: ALERT - configured GET variable value length limit exceeded - dropped variable '_ref' (attacker '175.145.217.174', file '/home/public_html/piwik/piwik.php')

Jul 26 08:55:51 orange suhosin[6454]: ALERT - configured GET variable value length limit exceeded - dropped variable '_ref' (attacker '175.145.217.174', file '/home/public_html/piwik/piw
Keywords: suhosin

@peterbo commented on August 1st 2011 Contributor

please change the request method of the tracker to "POST":

piwikTracker.setRequestMethod( "POST");
@anonymous-piwik-user commented on May 5th 2012

I'm getting this error in logs.

Is it an attack situation? oris suhosin alert triggered by a "normal" piwik page?

@robocoder commented on May 5th 2012 Contributor

It depends on your suhosin configuration and the referrer url.

If you want to see if its malicious or not, try switching to POST or examining your Apache logs.

@anonymous-piwik-user commented on May 5th 2012

where do I switch to post?

@anonymous-piwik-user commented on June 11th 2012

Getting the same error. Where do I switch to "post"?

@mattab commented on June 19th 2012 Owner

you can call in the JS tracker piwikTracker.setRequestMethod( 'POST' );

it will work only if the piwik server is on the smae domain as the website being tracked

@anonymous-piwik-user commented on June 20th 2012

Piwik and website domains are different. But I now understand that this is not a Piwik problem, but caused by a very long referrer that is stored in "_ref" so Suhosin would have to be adapted.

Is this assumption correct?

@mattab commented on July 19th 2012 Owner

please disalbe suhosin for Piwik requests

This Issue was closed on July 19th 2012
Powered by GitHub Issue Mirror