Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "CVE-2011-3192" page has been changed by wrowe: http://wiki.apache.org/httpd/CVE-2011-3192?action=diff&rev1=5&rev2=6 WARNING These directives need to be specified in every configured vhost, or inherited from server context as described in: + http://httpd.apache.org/docs/current/mod/mod_rewrite.html#vhosts 2) Use mod_headers to completely dis-allow the use of Range headers: @@ -194, +195 @@ 4) Deploy a Range header count module as a temporary stopgap measure. + http://people.apache.org/~dirkx/mod_rangecnt-improved/ + An improved stop-gap module for the 2.x series was provided by Guenter Knauf and can be found at: + + http://people.apache.org/~dirkx/mod_rangecnt.c Note ==== @@ -209, +214 @@ ================================== Red Hat: Has additional RHEL specific information at: + https://bugzilla.redhat.com/show_bug.cgi?id=732928 NetWare: Pre compiled binaries available. mod_security: Has updated their rule set; see + http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html Actions: --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
