pfsense lighttpd[54505]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT
-
Hi, I was hoping someone might be able to point me in the right direction as to figuring out where these errors are coming from:
FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'W_gMsrZ2wp1G3HreB2x2_1KhLw11Q3giaW8GC1Q4mnVR7XAAOkERjPjPcxX5w3hqY_aISdIS9oJzfPhuKP9A7tljVSuV6jJZ_zjGuzX7Lchyyk6oqKB31mU1rcGY7k4vP0VcGHGRdmNTJG2F42N5gW2lM1gUDjxEta_hPL_01jiJ52Re7zyqpQ7uKwMGkkttblID_36AHMy4hCMIV4se5WWfuJPPYgtRinZnSlOQNG3i4zgjGwWwj5ANjlI3yFk3xnOVe_Vf6oj3B7n2EvHobGH0cfhNiVUcpRNnYbjRxLUIDss3W5JCo614QFk_JjPweMOLOu1OJWwdL_iba_5V_8ohd_Vt5hAO_J_6JWl_ZPiI9QekQz6vGpmHJcnyGx5x4wKysUDnhqaY8OCgKprE3UyYtbnKyyNLXnNfDQd6KG1rF11we_wxHd5dKvFOBlgowGRjnAqI8lZC8tOxwo9RZqzZlum4G6K1BfJ9Dh49krDAuMtJENEkLtkYID6ZCl8tpGdhAkWu1mnY6J5ZH1zXFr1uc58Vpao5_mi5AZeWS_rsOW9NIfTpM6cQ3nEk4R3ij1SuAwILbT1ZJ1_JNnZ1HIPTzcqwbdkq6S3BSLKzwKwM7nx3cMlfwNrP9REtbRrWz5Xmidwz1AI9GIHfwYiQqbkIXOPiIK_kJM1wI2bZq3vaw8Nm2vyCNhGBrHGahi2GwOHEJROlVqOzebasCTST25hsNBJ5hd3mr6eckR5giz5d5O2AvXifcRAZko_Sv1KDSlN35Z5zoSBctVNyoasREfy7I0wsCoYzp_aZjXVKfsxnXuZ1wT_un1dT26f6BPiaSLjjWiOtcz8yCQ2si5DpelYOb_mlLjjZsSV
May 9 16:20:47 pfsense lighttpd[54505]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'NYNXpKx2wp2_4Q_5fkLkGRNLX5sZs2RDTMCwjDs7niXnIEKfR9ibUoSckxNQVbiw_yu1dfJEAu_SWLVIpNwNKX6deKH7Et3DSh5oY5R8EjjJCkjkTkrvHUmzvEHa9EeakihoeY454TfwZ8J_aiTv_OzoqcjqvbEYsS0SyvKWEsqHH7ELki1WMxMvmBZ_hkJ8sADAdoO8EWjYq41oMNVso_bQRNL5_N3ht8b7g_TvbOlPDYCMxno9_Mi_zt4bSaxjJBTWBSQTUc9JuzzrcmW7D_zbfV8eihe_a3TSeypsNKZMuch1lgC0TKlpo1evDdgQdN_SaeRpVpcNzfYGDIr9fbSQLEXq1cgTrxCg1fMq0IhSoTgPFDCfAaDCblX13XipeT6o3d4ZKnRJBsy_Gn9ZXr3AHR52Jka0tM8bpgqYB4mhQvkeR2x4PMLbqK5NADcwZOMNnHhyM1cydbFPkZPhkl_dT_lTkxzpe5QMOKhbULWGzhWLZMPYlnYm_1b7WIPHGyLrY64pDCblByvM23vB4D4BDQF76lrqnm1_2xUtniJHBXPIA2OP50s4KS8Gnn_VK2u5q9SDxFNk2QDTo7F52KdJ_LSMo7jwiXCrQxnpGiYNznNGSyKqhE0yPIKNGZOwt6Eczt2_wOTG0e9kkNNnrB6C2PChoSg8LKg_d3RM2CSvMDgBBkbcmrUeQmxnVuupK9tscDJcYwYmy7hWx9TYt8FIGnUvKYa8kF0mZkFWgIJmNQysqTAogWqT5ucQN5muQb3NfQlEc5J5LekbjoZrGkWqmzciqcou0ggnTO2gtji0OCUb2SZlL1Ck251j3_DHXnvsQ72_tqs_dOnKB2LeRK1jrCrQRLWrBqm
I have found similar errors posted, but it seems those errors included more information like a filename related to the error. I tried one suggestion to remove invalid characters and decode with a base 64 decoder but the output seems to just be random characters (and removing the underscores always leaves the right amount of characters to decode with base64.
I thought it might somehow be related to accessing the admin from firefox, but leaving it open in chrome seems to have the same effect. I have only viewed traffic graph, system log page and dhcp lease page during the time this occurs, but it doesn't seem to occur at the opening of a page.
I am using 2.0.3-RELEASE (amd64) and I only have lusca-cache, squidguard, and widescreen packages installed and there are no other errors in the system log. I don't think these errors where present before the upgrade to 2.0.3, but I am not 100% sure of that, I just don't recall ever seeing them.
I don't mind trying to figure this out on my own, I just honestly don't know where to start.
EDIT
I don't know if there is any relevancy to this or not but I get each error twice, then the next time its a different set of characters, again twice each. -
No one?
-
They can likely just be ignored, especially if you're using captive portal.
Usually people see those when using captive portal and some bit of software is trying to phone home and gets redirected to the portal login instead, so lighttpd sees are request it otherwise wouldn't.
-
Yeah, I have seen others with this issue involving captive portal, but as I stated above I only have lusca-cache, squidguard, and the widescreen packages installed.
I've never even used captive portal. If there is nothing to worry about that is fine, I just wasn't sure if this was a side effect of the upgrade to 2.0.3 or if there was
something else going on malware related, or something similar on the network.