Max url length before pho $_GET not set

software development

#1

I have a problem. When I pass a query string to a simple php script on dreamhost (storm), the php $_GET array is not set if the query string is more than ~540 chars.

e.g.
This works
http://www.nostuff.org/googleplus/prx.php?abc=11111111111.1111111111.111/1111/11/111111/113029570517600774893/1111111111111111111111111111115111111111111111711-111110111111111111111111111111111851111111111111111111131168111211111111B11111911111111111111111111111118111111111111517111111111111111141111111141111111113101111111211111362111111111281112111111111117_116111111101111111111111111111111101111111111171111111111111111111411161111111111147115111111111111111111111111111111111111311111111111111111111111111111111111111111111111111111111111111_111

This does not work
http://www.nostuff.org/googleplus/prx.php?abc=11111111111.1111111111.111/1111/11/111111/113029570517600774893/1111111111/111111?111=111111115111111111111111711-11111011111%261111111111=10%26111111111=11118511111111111111111111311681112111111111191111111111111111111111111811111111111151711111111111111114111111114111011111113101111111211111362111111111281112111111111117_116111111101111111111111111111110111111111117111111111111111111141116111111111114711511111111111111111111111111111111131111111111111111111111111111111111111111111111111111111111111-11_11111111

prx.php looks like:
$abc = isset($_GET[‘abc’])?$_GET[‘abc’]:false;
if (!$abc) {
header(“HTTP/1.0 400 Bad Request”);
echo "prx.php failed because abc parameter is missing… “;
echo “

the _GET array looks like this…

\n
”;
print_r($_GET);
exit();
}
else {
echo "

the _GET array looks like…

\n
”;
print_r($_GET);
}

The total url char size is 564 (minus the leading domain name and http it’s 541)

This seems a low max url char count for apache to be configured, the default seems to be in the thousands.

Is there anyway to confirm why it acts like this on dreamhost, and if there is a way around it?

Thanks in advanced for any help

Chris


#2

DH has a security package Suhosin installed, which will make limits like this. Maybe you can disable it … I don’t know how, actually.

But Suhosin is there for a purpose - to prevent typical attacks.