Open bef opened 8 years ago
Correct. In fact, most of Suhosin's filtering capabilities can easily be replaced by other filters, either using the web server (mod_rewrite, mod_env, ...) or by configuring a WAF (e.g. mod_security). It just takes a lot of time and effort to configure all of them, so why not add some important filters to Suhosin?
Just for the record, this is much easier to mitigate at the web server level: https://httpoxy.org/