News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

suhosin breaks smf

Started by ianmarie, January 15, 2009, 07:07:31 PM

Previous topic - Next topic

ianmarie

Hi all

I have just migrated a working smf to a new server; which has been hardened with suhosin; fairly standard. This breaks smf; suhosin error message below.

Does anyone know a workaround where smf can work on an suhosin hardened server?
although - also wondering if it may be due to joomsef as that is what is generating the include file in the first part of the message

Thanks

Ian

Jan 16 10:42:55 servername suhosin[12776]: ALERT - Include filename (' hxxp:www.domain.com.au/covenant_forum/Settings.php/index.php' [nonactive]) is an URL that is not allowed (attacker 'xx.xx.xx.xx', file '/home/user/public_html/components/com_smf/smf.php', line 120)

Rumbaar

Does a stand alone SMF and a stand alone Joomla work on that server?  I can't say I've heard of that server side operation before, have you tried to deal with this via your host?  To see if that can help out with configurations?
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

ianmarie

figured it out; in that the 'includes' function for placing smf into the Joomla install was what was breaching suhosin's rules.

Rumbaar

Ah good to hear.  In future if you solved a support question could you please come back and mark it as solved so it removes itself from the outstanding support list of topics.
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

Advertisement: