apache PHP suhosin load

Damien Fleuriot ml at my.gd
Thu Jun 21 07:32:30 UTC 2012

On 21 Jun 2012, at 08:34, n dhert <ndhertbsd at gmail.com> wrote:

> On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for
> compatibility with existing applications, but the most recent version
> in the php52 branch
> $ php --version
> PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May  7 2012 08:45:58)
> From time to time, I notice in top output that a huge number of httpd
> daemons are being started, making the load rapidly increase to levels of
> 5, 10, 15, ... and very slow interactive response ...
> Stopping apache makes the load rapidly decrease to a normal level.
> I noticed at the console, when stopping apache, several messages such as
> Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT -
> canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR
> not set', file
> '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php',
> line 654)
> (the file value differs, but it's always "suhosin .. canary mismatch
> - heap overflow detected")
> My PHP has the following options set
> # cd /usr/ports/lang/php52
> # make showconfig
> ===> The following configuration options are available for php52-5.2.17_8:
>     CLI=on: Build CLI version
>     CGI=on: Build CGI version
>     APACHE=on: Build Apache module
>     DEBUG=off: Enable debug
>     SUHOSIN=on: Enable Suhosin protection system (not for jails)
>     MULTIBYTE=off: Enable zend multibyte support
>     IPV6=on: Enable ipv6 support
>     MAILHEAD=off: Enable mail header patch
>     REDIRECT=off: Enable force-cgi-redirect support (CGI only)
>     DISCARD=off: Enable discard-path support (CGI only)
>     FASTCGI=on: Enable fastcgi support (CGI only)
>     FPM=off: Enable fastcgi process manager (CGI only)
>     PATHINFO=on: Enable path-info-check support (CGI only)
>     LINKTHR=off: Link thread lib (for threaded extensions)
> Is that heap overflow causing the trouble? Does Suhosin have something to do
> with it?
> How do I solve it?

For starters, I would suggest moving away from apache and towards nginx + fastcgi php.

A friend had a small dedicated server with a vbulletin forum overloaded with addons, and apache/php were bringing the server to "high" load levels, 10-20ish.

I've moved him to nginx and the server hardly ever goes above 1 now.

Additionally, nginx is immune to Slowloris attacks, while apache is not.

Only after migrating to nginx would I investigate whether the suhosin problem still exists.
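Before deciding whether the Suhosin alerts and the load spikes are related, it helps to know which PHP file/line fires them, how often, and whether any alert carries a real client address. The script below is an added example written for this thread, not code from either poster: it summarises "canary mismatch" alert lines in the syslog format quoted above. The sample lines are constructed to match that format (the path is the one the post shows; the other paths and the 192.0.2.10 address are made up for illustration), and the function names are my own.

```shell
#!/bin/sh
# Summarise Suhosin "canary mismatch" alerts from syslog lines.
# Added example for the thread above; not code from the original post.
# Usage: sh suhosin_alerts.sh [/var/log/messages ...]
#        (with no argument it runs on the constructed sample below)

# Constructed sample input. The first line reproduces the format the post
# quotes (one alert per syslog line; the post's copy is wrapped by mail).
# The other alert lines and the 192.0.2.10 address are invented.
sample_log() {
cat <<'EOF'
Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654)
Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28831]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654)
Jun 14 09:12:21 macos kernel: Jun 14 09:12:21 macos suhosin[28840]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/Setup.php', line 10)
Jun 14 09:12:30 macos syslogd: restart
Jun 14 09:13:02 macos kernel: Jun 14 09:13:02 macos suhosin[28855]: ALERT - canary mismatch on efree() - heap overflow detected (attacker '192.0.2.10', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/index.php', line 3)
EOF
}

# Keep only Suhosin ALERT lines (stdin -> stdout).
suhosin_alerts() {
    grep 'suhosin\[[0-9]*\]: ALERT'
}

# One line per distinct file:line, allocator function and attacker value,
# prefixed with its count, most frequent first.
# Output format: "<count> <file>:<line> <function> <attacker>"
suhosin_by_location() {
    suhosin_alerts |
    sed -n "s/.*canary mismatch on \([a-z_]*()\).*(attacker '\([^']*\)', file '\([^']*\)', line \([0-9]*\)).*/\3:\4 \1 \2/p" |
    sort | uniq -c | sort -rn
}

# Distinct "attacker" values. 'REMOTE_ADDR not set' means Suhosin found no
# client address for that PHP process, so the alert cannot be tied to a
# remote client; a real address can be cross-checked against the access log.
suhosin_attackers() {
    suhosin_alerts |
    sed -n "s/.*(attacker '\([^']*\)', file .*/\1/p" |
    sort -u
}

# Report on the given log files, or on the constructed sample.
summarise_suhosin_log() {
    if [ "$#" -gt 0 ]; then log=$(cat "$@"); else log=$(sample_log); fi
    echo "== alerts per file:line, function, attacker =="
    printf '%s\n' "$log" | suhosin_by_location
    echo "== distinct attacker values =="
    printf '%s\n' "$log" | suhosin_attackers
}

summarise_suhosin_log "$@"
```

On a FreeBSD host the same lines normally end up in /var/log/messages via syslogd; run the script against that file and compare the alert timestamps with the periods of high load in your own monitoring. A location that dominates the count is the place to start looking, and a cluster of alerts with the same client address is worth matching against the Apache access log.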
