23481 Posts in 18951 Topics by 2878 members
General questions about getting started with SilverStripe that don't fit in any of the categories above.
|Go to End|
28 March 2011 at 9:11pm
Our company site is built with Silverstripe 2.4.4 and we are very happy with it, but we're having a small problem... Sometimes we are "visited" by some script/bot that (I think) scans the 'net looking for buffer overflows, and every time this results in 10 warning e-mails being sent to the site admin. Every mail has subject "Warning: Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set."
I tried adding to mysite/_config.php the following:
$_FILE_TO_URL_MAPPING['/var/www/cms'] = 'http://our.site.com';
but the problem is still there... Any hint?
15 April 2011 at 7:20pm
I ended up adding a mod_security rule to Apache:
SecRule REQUEST_METHOD "!^(?:GET|HEAD|OPTIONS|POST|CONNECT)$"
23 August 2011 at 10:17am
i fixed the problem by setting register_globals = On in php.ini
29 August 2011 at 6:57pm
Sadly that command is deprecated (http://php.net/manual/en/security.globals.php) and can cause security problems :/
31 August 2011 at 1:21am Last edited: 31 August 2011 1:21am
Looking at the protocolAndHost() function, it seems that it doesn't use the HTTP_HOST var if an $alternateBaseURL is given. So you can set the website root from mysite/_config.php?
As long as it's a 'simple' site that has the one root, it stills seems to work fine... So I don't know if there's anything against using this, apart from obvious issues on moving the site?
31 August 2011 at 1:42am
I'll try that, thank you
|Go to Top|