Folks, This issue is now active in the wild. So some unified/simple comms is needed.
What is the wisdom on mitigation advise/briefing until a proper fix it out - in order of ease: -> Where possible - disable mod_deflate => we sure this covers all cases - or this is a good stopgap ? -> Where possible - set LimitRequestFieldSize to a small value -> Suggesting of 128 fine ? -> Where this is not possible (e.g. long cookies, auth headers of serious size) consider using mod_rewrite to not accept more than a few commas => anyone a config snipped for this ? -> Perhaps a stop gap module http://people.apache.org/~dirkx/mod_rangecnt.c (is this kosher??) -> Apply patch XXX from the mailing list Any thoughts ? Followed by a - upgrade as soon as a release is made Thanks, Dw