[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apache Killer

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apache Killer
From: Jan Gehring <jan.gehring@xxxxxxxxx>
Date: Wed, 24 Aug 2011 11:26:10 +0200

On 08/24/2011 11:04 AM, Davide Guerri wrote:
> Hi Sex (lol, weird thing to say),
> I agree with you.
> Moreover, this kind of filtering likely can't be used as-is for every apache 
> installation.
>
> However, it will hopefully prevent kiddies to pwn our web servers. :)
>
> Cheers,
>   Davide.
>

Using mod_headers with

    RequestHeader unset Range

should work, too. At least it works for me (Debian Lenny, Apache 2.2.9). 
If you have no download site it should be okay.

Regards,

Jan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Apache Killer
  - From: HI-TECH .
- Re: [Full-disclosure] Apache Killer
  - From: Moritz Naumann
- Re: [Full-disclosure] Apache Killer
  - From: HI-TECH .
- Re: [Full-disclosure] Apache Killer
  - From: -= Glowing Sex =-
- Re: [Full-disclosure] Apache Killer
  - From: Davide Guerri
- Re: [Full-disclosure] Apache Killer
  - From: -= Glowing Sex =-
- Re: [Full-disclosure] Apache Killer
  - From: Davide Guerri

Prev by Date: [Full-disclosure] Open classifieds 1.7.2 Xss Vulnerability
Next by Date: Re: [Full-disclosure] Apache Killer
Previous by thread: Re: [Full-disclosure] Apache Killer
Next by thread: Re: [Full-disclosure] Apache Killer
Index(es):
- Date
- Thread