Folks,
This issue is now active in the wild. So some unified/simple comms is needed.
What is the wisdom on mitigation advice/briefing until a proper fix is out - in
order of ease:
-> Where possible - disable mod_deflate
=> we sure this covers all cases - or this is a good stopgap ?
-> Where possible - set LimitRequestFieldSize to a small value
-> Is a suggestion of 128 fine ?
-> Where this is not possible (e.g. long cookies, auth headers of serious
size) consider using
mod_rewrite to not accept more than a few commas
=> anyone have a config snippet for this ?
-> Perhaps a stop gap module
http://people.apache.org/~dirkx/mod_rangecnt.c (is this kosher??)
-> Apply patch XXX from the mailing list
Any thoughts ? Followed by a - upgrade as soon as a release is made
Thanks,
Dw
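
The "not more than a few commas" check from the list above, as an added example that is not part of the original message and is not Apache or mod_rangecnt code: it lets an operator test the limit against recorded header values before enforcing the same pattern in the server. Assumptions: the commas are the ones separating byte ranges in the Range request header (suggested by the mod_rangecnt name), "a few" is taken as 5 ranges, and the sample requests are constructed.

```python
import re

# Assumption: "a few" = at most 5 ranges (4 commas); tune to your clients.
MAX_RANGES = 5

# Allowed shape: unit "bytes", then 1..MAX_RANGES non-empty comma-separated
# specs and nothing else. Anything that does not fit is refused.
_ALLOWED = re.compile(
    r"^\s*bytes\s*=\s*[^,]+(?:,[^,]+){0,%d}\s*$" % (MAX_RANGES - 1),
    re.IGNORECASE,
)

def count_ranges(value):
    """Number of non-empty comma-separated range specs in a header value."""
    _, _, specs = value.partition("=")
    return len([s for s in specs.split(",") if s.strip()])

def should_reject(value):
    """True when a request carrying this Range value should be refused."""
    if value is None or value.strip() == "":
        return False  # no Range header: ordinary full-body request
    return _ALLOWED.match(value) is None

def triage(requests):
    """Return (client, range_count) for every request that would be refused."""
    return [(c, count_ranges(v)) for c, v in requests if should_reject(v)]

# Constructed sample: (client address, Range header value or None).
SAMPLE = [
    ("192.0.2.10", None),                                   # no Range header
    ("192.0.2.11", "bytes=0-499"),                          # single range
    ("192.0.2.12", "bytes=0-99,200-299,400-499,600-699,800-899"),  # at limit
    ("192.0.2.13", "bytes=" + ",".join("%d-%d" % (i, i + 1)
                                       for i in range(0, 40, 2))),  # 20 ranges
    ("192.0.2.14", "Bytes=0-1,,2-3"),                       # empty element
]

if __name__ == "__main__":
    for client, n in triage(SAMPLE):
        print("refuse %s: %d ranges or malformed list" % (client, n))
```

Running it over real header values first shows whether legitimate multi-range clients (PDF viewers, download managers) would be caught by the chosen limit.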