Well here we go, the old problem came back for unknown reason. Running debian lenny, latest apache/php5. Installed suhosin with aptitude. The only thing I changed is the blacklist and post and request max_vars, the error and all pages that use define() result in this: Code: define() has been disabled for security reasons suhosin.ini Code: ; configuration for php suhosin module ;extension=suhosin.so ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; ; the following values are the internal default settings and set implicit ; feel free to modify to your needs [suhosin] ; Logging Configuration ;suhosin.log.syslog.facility = 9 ;suhosin.log.syslog.priority = 1 ;suhosin.log.script = 0 ;suhosin.log.phpscript = 0 ;suhosin.log.script.name = ;suhosin.log.phpscript.name = ;suhosin.log.use-x-forwarded-for = off ; Executor Options ;suhosin.executor.max_depth = 0 ;suhosin.executor.include.max_traversal = 0 ;suhosin.executor.include.whitelist = ;suhosin.executor.include.blacklist = ;suhosin.executor.func.whitelist = suhosin.executor.func.blacklist = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source ;suhosin.executor.eval.whitelist = ;suhosin.executor.eval.blacklist = ;suhosin.executor.disable_emodifier = off ;suhosin.executor.allow_symlink = off ; Misc Options ;suhosin.simulation = off ;suhosin.apc_bug_workaround = off ;suhosin.sql.bailout_on_error = off ;suhosin.sql.user_prefix = ;suhosin.sql.user_postfix = ;suhosin.multiheader = off ;suhosin.mail.protect = 0 ;suhosin.memory_limit = 0 ; Transparent Encryption Options ;suhosin.session.encrypt = on ;suhosin.session.cryptkey = ;suhosin.session.cryptua = on ;suhosin.session.cryptdocroot = on ;suhosin.session.cryptraddr = 0 ;suhosin.session.checkraddr = 0 ;suhosin.cookie.encrypt = on ;suhosin.cookie.cryptkey = ;suhosin.cookie.cryptua = on ;suhosin.cookie.cryptdocroot = on ;suhosin.cookie.cryptraddr = 0 ;suhosin.cookie.checkraddr = 0 ;suhosin.cookie.cryptlist = ;suhosin.cookie.plainlist = ; Filtering Options ;suhosin.filter.action = ;suhosin.cookie.max_array_depth = 100 ;suhosin.cookie.max_array_index_length = 64 ;suhosin.cookie.max_name_length = 64 ;suhosin.cookie.max_totalname_length = 256 ;suhosin.cookie.max_value_length = 10000 ;suhosin.cookie.max_vars = 100 ;suhosin.cookie.disallow_nul = on ;suhosin.get.max_array_depth = 50 ;suhosin.get.max_array_index_length = 64 ;suhosin.get.max_name_length = 64 ;suhosin.get.max_totalname_length = 256 ;suhosin.get.max_value_length = 512 ;suhosin.get.max_vars = 100 ;suhosin.get.disallow_nul = on ;suhosin.post.max_array_depth = 100 ;suhosin.post.max_array_index_length = 64 ;suhosin.post.max_name_length = 64 ;suhosin.post.max_totalname_length = 256 ;suhosin.post.max_value_length = 65000 suhosin.post.max_vars = 2048 ;suhosin.post.disallow_nul = on ;suhosin.request.max_array_depth = 100 ;suhosin.request.max_array_index_length = 64 ;suhosin.request.max_totalname_length = 256 ;suhosin.request.max_value_length = 65000 suhosin.request.max_vars = 2048 ;suhosin.request.max_varname_length = 64 ;suhosin.request.disallow_nul = on ;suhosin.upload.max_uploads = 25 ;suhosin.upload.disallow_elf = on ;suhosin.upload.disallow_binary = off ;suhosin.upload.remove_binary = off ;suhosin.upload.verification_script = ;suhosin.session.max_id_length = 128 So erm If I put simulation ON, then I get the same error plus one extra: Code: require_once() has been disabled for security reasons Been reading and trying to find out what's happening for all day and nothing.