fastcgi causing 502 errors? [was: alternating 404 and 200]

Nuno Magalhães nunomagalhaes at
Mon Sep 7 18:13:02 MSD 2009

Since this seemed to be php-related i've installed apache 2.2.12. It
didn't give me nearly as many errors as nginx but it did send unparsed
pages from time to time (i.e. with both php and html code...). I had
child processes segfaulting in the log all the time and this error:
[error] [client xx.xx.xx.xx] ALERT - canary mismatch on efree() - heap
overflow detected (attacker 'xx.xx.xx.xx', file '/home/xxx\

After digging some more i ended up upgrading to apache 2.2.13 and
setting suhosin.session.encrypt = off in apache's php/suhosin
configuration. This solved the issue.

However, the general /etc/php5/conf.d/suhosin.ini and
/etc/php5/cgi/conf.d/suhosin.ini both already have
suhosin.session.encrypt = off, so i can't really test this against
nginx+FastCGI. I'll try and upgrade to 5.3 later (and to nginx 0.8.14)
and see if it helps.

This issue happens with PHP's start_session() function, and is being
discussed in a few distros[1][2].

HTH whoever's facing the same issues.
Nuno Magalhães


()  ascii-rubanda kampajno - kontraŭ html-a retpoŝto
/\  ascii ribbon campaign - against html e-mail

More information about the nginx mailing list