Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Warning: Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set


Reply


6 Posts   1997 Views

Avatar
Joril

Community Member, 5 Posts

28 March 2011 at 9:11pm

Hi everyone!
Our company site is built with Silverstripe 2.4.4 and we are very happy with it, but we're having a small problem... Sometimes we are "visited" by some script/bot that (I think) scans the 'net looking for buffer overflows, and every time this results in 10 warning e-mails being sent to the site admin. Every mail has subject "Warning: Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set."
I tried adding to mysite/_config.php the following:

global $_FILE_TO_URL_MAPPING;
$_FILE_TO_URL_MAPPING['/var/www/cms'] = 'http://our.site.com';

but the problem is still there... Any hint?

Avatar
Joril

Community Member, 5 Posts

15 April 2011 at 7:20pm

I ended up adding a mod_security rule to Apache:

SecRule REQUEST_METHOD "!^(?:GET|HEAD|OPTIONS|POST|CONNECT)$"

Avatar
slith

Community Member, 7 Posts

23 August 2011 at 10:17am

i fixed the problem by setting register_globals = On in php.ini

Avatar
Joril

Community Member, 5 Posts

29 August 2011 at 6:57pm

Sadly that command is deprecated (http://php.net/manual/en/security.globals.php) and can cause security problems :/

Avatar
martimiz

Forum Moderator, 1105 Posts

31 August 2011 at 1:21am

Edited: 31/08/2011 1:21am

Looking at the protocolAndHost() function, it seems that it doesn't use the HTTP_HOST var if an $alternateBaseURL is given. So you can set the website root from mysite/_config.php?

Director::setBaseURL('http://our.site.com/');

As long as it's a 'simple' site that has the one root, it stills seems to work fine... So I don't know if there's anything against using this, apart from obvious issues on moving the site?

Avatar
Joril

Community Member, 5 Posts

31 August 2011 at 1:42am

I'll try that, thank you :)