[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Apache Killer

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Apache Killer
From: Pat Maechler <Patrick.Maechler@xxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2011 19:07:11 +0200

Does this fix work as well if I put it in httpd.conf instead?
I'm no Apache/RewriteEngine crack, but I know that there are some  
differences with the rewrite engine if you put it into httpd.conf  
instead of .htaccess (and I have currently no possibility to do a safe  
test) :-/

Reply to
> From: Davide Guerri <davide.guerri () gmail com>
> Date: Wed, 24 Aug 2011 10:03:03 +0200
>> RewriteEngine On
>> RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
>> RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
>> RewriteRule .* - [F]

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Apache Killer
  - From: -= Glowing Sex =-

Prev by Date: Re: [Full-disclosure] Apache Killer
Next by Date: [Full-disclosure] Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
Previous by thread: [Full-disclosure] Apache Killer
Next by thread: Re: [Full-disclosure] Apache Killer
Index(es):
- Date
- Thread