Tests for suhosin.XXX.max_name_length and suhosin.request_max_varname_length

author: Stefan Esser 2014-02-13 11:27:18 +0100
committer: Stefan Esser 2014-02-13 11:27:18 +0100
commit: 6909a29e3cb927b0600665e9291a60884da31f3a (patch)
tree: c36644ec0780f17b3169f02d57a7e45afe0564d3
parent: 63519762d8131b9c6d3f15cca5b498c780523297 (diff)
5 files changed, 275 insertions, 0 deletions
diff --git a/tests/filter/input_filter_cookie_max_name_length.phpt b/tests/filter/input_filter_cookie_max_name_length.phpt
new file mode 100644
index 0000000..b655424
--- /dev/null
+++ b/tests/filter/input_filter_cookie_max_name_length.phpt
@@ -0,0 +1,41 @@
+--TEST--
+suhosin input filter (suhosin.cookie.max_name_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_varname_length=0
+suhosin.cookie.max_name_length=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
+--GET--
+--POST--
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 0 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_get_max_name_length.phpt b/tests/filter/input_filter_get_max_name_length.phpt
new file mode 100644
index 0000000..4fab0a0
--- /dev/null
+++ b/tests/filter/input_filter_get_max_name_length.phpt
@@ -0,0 +1,41 @@
+--TEST--
+suhosin input filter (suhosin.get.max_name_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_varname_length=0
+suhosin.get.max_name_length=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+ALERT - configured GET variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_name_length.phpt b/tests/filter/input_filter_post_max_name_length.phpt
new file mode 100644
index 0000000..0065993
--- /dev/null
+++ b/tests/filter/input_filter_post_max_name_length.phpt
@@ -0,0 +1,41 @@
+--TEST--
+suhosin input filter (suhosin.post.max_name_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_varname_length=0
+suhosin.post.max_name_length=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt
new file mode 100644
index 0000000..45936d5
--- /dev/null
+++ b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt
@@ -0,0 +1,70 @@
+--TEST--
+suhosin input filter (suhosin.post.max_name_length - RFC1867 version)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_varname_length=0
+suhosin.post.max_name_length=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var"
+0
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var1"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var2[]"
+2
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var3[xxx]"
+3
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var04"
+4
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var05[]"
+5
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var06[xxx]"
+6
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_request_max_name_length.phpt b/tests/filter/input_filter_request_max_name_length.phpt
new file mode 100644
index 0000000..03b4a3b
--- /dev/null
+++ b/tests/filter/input_filter_request_max_name_length.phpt
@@ -0,0 +1,82 @@
+--TEST--
+suhosin input filter (suhosin.request.max_varname_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_varname_length=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
+--GET--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--POST--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--FILE--
+<?php
+var_dump($_GET);
+var_dump($_POST);
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+array(4) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var3"]=>
+  array(1) {
+    ["xxx"]=>
+    string(1) "3"
+  }
+}
+ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 9 request variables - (3 in GET, 3 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
author	Stefan Esser	2014-02-13 11:27:18 +0100
committer	Stefan Esser	2014-02-13 11:27:18 +0100
commit	6909a29e3cb927b0600665e9291a60884da31f3a (patch)
tree	c36644ec0780f17b3169f02d57a7e45afe0564d3
parent	63519762d8131b9c6d3f15cca5b498c780523297 (diff)

diff --git a/tests/filter/input_filter_cookie_max_name_length.phpt b/tests/filter/input_filter_cookie_max_name_length.phpt new file mode 100644 index 0000000..b655424 --- /dev/null +++ b/tests/filter/input_filter_cookie_max_name_length.phpt
@@ -0,0 +1,41 @@
	1	--TEST--
	2	suhosin input filter (suhosin.cookie.max_name_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_varname_length=0
	9	suhosin.cookie.max_name_length=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
	14	--GET--
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_COOKIE);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var3"]=>
	32	array(1) {
	33	["xxx"]=>
	34	string(1) "3"
	35	}
	36	}
	37	ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	38	ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	39	ALERT - configured COOKIE variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - dropped 3 request variables - (0 in GET, 0 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	41


diff --git a/tests/filter/input_filter_get_max_name_length.phpt b/tests/filter/input_filter_get_max_name_length.phpt new file mode 100644 index 0000000..4fab0a0 --- /dev/null +++ b/tests/filter/input_filter_get_max_name_length.phpt
@@ -0,0 +1,41 @@
	1	--TEST--
	2	suhosin input filter (suhosin.get.max_name_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_varname_length=0
	9	suhosin.get.max_name_length=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_GET);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var3"]=>
	32	array(1) {
	33	["xxx"]=>
	34	string(1) "3"
	35	}
	36	}
	37	ALERT - configured GET variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	38	ALERT - configured GET variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	39	ALERT - configured GET variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	41


diff --git a/tests/filter/input_filter_post_max_name_length.phpt b/tests/filter/input_filter_post_max_name_length.phpt new file mode 100644 index 0000000..0065993 --- /dev/null +++ b/tests/filter/input_filter_post_max_name_length.phpt
@@ -0,0 +1,41 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_name_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_varname_length=0
	9	suhosin.post.max_name_length=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST--
	15	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	16	--FILE--
	17	<?php
	18	var_dump($_POST);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var3"]=>
	32	array(1) {
	33	["xxx"]=>
	34	string(1) "3"
	35	}
	36	}
	37	ALERT - configured POST variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	38	ALERT - configured POST variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	39	ALERT - configured POST variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	41


diff --git a/tests/filter/input_filter_post_max_name_length_rfc1867.phpt b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt new file mode 100644 index 0000000..45936d5 --- /dev/null +++ b/tests/filter/input_filter_post_max_name_length_rfc1867.phpt
@@ -0,0 +1,70 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_name_length - RFC1867 version)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_varname_length=0
	9	suhosin.post.max_name_length=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST_RAW--
	15	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	16	-----------------------------20896060251896012921717172737
	17	Content-Disposition: form-data; name="var"
	18
	19	0
	20	-----------------------------20896060251896012921717172737
	21	Content-Disposition: form-data; name="var1"
	22
	23	1
	24	-----------------------------20896060251896012921717172737
	25	Content-Disposition: form-data; name="var2[]"
	26
	27	2
	28	-----------------------------20896060251896012921717172737
	29	Content-Disposition: form-data; name="var3[xxx]"
	30
	31	3
	32	-----------------------------20896060251896012921717172737
	33	Content-Disposition: form-data; name="var04"
	34
	35	4
	36	-----------------------------20896060251896012921717172737
	37	Content-Disposition: form-data; name="var05[]"
	38
	39	5
	40	-----------------------------20896060251896012921717172737
	41	Content-Disposition: form-data; name="var06[xxx]"
	42
	43	6
	44	-----------------------------20896060251896012921717172737--
	45	--FILE--
	46	<?php
	47	var_dump($_POST);
	48	?>
	49	--EXPECTF--
	50	array(4) {
	51	["var"]=>
	52	string(1) "0"
	53	["var1"]=>
	54	string(1) "1"
	55	["var2"]=>
	56	array(1) {
	57	[0]=>
	58	string(1) "2"
	59	}
	60	["var3"]=>
	61	array(1) {
	62	["xxx"]=>
	63	string(1) "3"
	64	}
	65	}
	66	ALERT - configured POST variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	67	ALERT - configured POST variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	68	ALERT - configured POST variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	69	ALERT - dropped 3 request variables - (0 in GET, 3 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	70


diff --git a/tests/filter/input_filter_request_max_name_length.phpt b/tests/filter/input_filter_request_max_name_length.phpt new file mode 100644 index 0000000..03b4a3b --- /dev/null +++ b/tests/filter/input_filter_request_max_name_length.phpt
@@ -0,0 +1,82 @@
	1	--TEST--
	2	suhosin input filter (suhosin.request.max_varname_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_varname_length=4
	9	--SKIPIF--
	10	<?php include('skipif.inc'); ?>
	11	--COOKIE--
	12	var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
	13	--GET--
	14	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	15	--POST--
	16	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	17	--FILE--
	18	<?php
	19	var_dump($_GET);
	20	var_dump($_POST);
	21	var_dump($_COOKIE);
	22	?>
	23	--EXPECTF--
	24	array(4) {
	25	["var"]=>
	26	string(1) "0"
	27	["var1"]=>
	28	string(1) "1"
	29	["var2"]=>
	30	array(1) {
	31	[0]=>
	32	string(1) "2"
	33	}
	34	["var3"]=>
	35	array(1) {
	36	["xxx"]=>
	37	string(1) "3"
	38	}
	39	}
	40	array(4) {
	41	["var"]=>
	42	string(1) "0"
	43	["var1"]=>
	44	string(1) "1"
	45	["var2"]=>
	46	array(1) {
	47	[0]=>
	48	string(1) "2"
	49	}
	50	["var3"]=>
	51	array(1) {
	52	["xxx"]=>
	53	string(1) "3"
	54	}
	55	}
	56	array(4) {
	57	["var"]=>
	58	string(1) "0"
	59	["var1"]=>
	60	string(1) "1"
	61	["var2"]=>
	62	array(1) {
	63	[0]=>
	64	string(1) "2"
	65	}
	66	["var3"]=>
	67	array(1) {
	68	["xxx"]=>
	69	string(1) "3"
	70	}
	71	}
	72	ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	73	ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	74	ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	75	ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	76	ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	77	ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	78	ALERT - configured request variable name length limit exceeded - dropped variable 'var04' (attacker 'REMOTE_ADDR not set', file '%s')
	79	ALERT - configured request variable name length limit exceeded - dropped variable 'var05[]' (attacker 'REMOTE_ADDR not set', file '%s')
	80	ALERT - configured request variable name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	81	ALERT - dropped 9 request variables - (3 in GET, 3 in POST, 3 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	82