Ciao Davide, very nice, thanks for the submittal and thoughts regarding this issue, all of it is handy. Only problem with these patches: unless you look at the advisory and/or patch and see exactly what needs to be filtered, only then maybe can you have a really tough regex, which btw would be VERY cool and handy! Good line of thinking anyhow. Props. xd
On 24 August 2011 18:03, Davide Guerri <davide.gue...@gmail.com> wrote:
> While waiting for an official patch, how about the following workaround?
>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
> RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
> RewriteRule .* - [F]
>
> The workaround uses mod_rewrite to forbid GET|HEAD requests with multiple
> ranges in the Range HTTP header.
> The second regex could be improved, but it works for the exploit released so
> far...
>
> Cheers,
> Davide.
>
> On 24/Aug/2011, at 08:01, -= Glowing Sex =- wrote:
>
> > This is handy to read for anyone who runs Apache... it's worth a look...
> > thx kcope ;>
> >
> > xd
> >
> > On 24 August 2011 13:26, HI-TECH . <isowarez.isowarez.isowa...@googlemail.com> wrote:
> > > Hello list,
> > > oops, looks like this bug has nothing to do with mod_deflate/mod_gzip;
> > > read on here where the Apache team is resolving the issue:
> > >
> > > http://www.gossamer-threads.com/lists/apache/dev/401638
> > >
> > > Cheers,
> > >
> > > Kingcope
> > >
> > > 2011/8/20 Moritz Naumann <secur...@moritz-naumann.com>:
> > > > On 20.08.2011 00:23 HI-TECH . wrote:
> > > > > (see attachment)
> > > > > /Kingcope
> > > >
> > > > Works (too) well here. Are there any workarounds other than rate
> > > > limiting or detecting + dropping the traffic IPS-wise?
> > > >
> > > > Moritz
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
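As an added example (mine, not code from the thread or from Apache), the Python below models the two RewriteCond lines of the quoted mod_rewrite workaround against constructed Range headers, so you can see exactly what it forbids: any GET or HEAD carrying two or more byte ranges, including an ordinary two-range request, while requests without a Range header and requests with other methods are left alone. The stricter threshold variant, its max_ranges value and the sample requests are my assumptions and are not taken from the thread.

```python
import re

# Davide's two RewriteCond patterns, copied verbatim from the quoted mail.
# mod_rewrite evaluates them as unanchored Perl-compatible matches, so
# re.search() is the right Python equivalent (not re.match()/fullmatch()).
METHOD_RE = re.compile(r"^(HEAD|GET)", re.IGNORECASE)           # the [NC] flag
MULTI_RANGE_RE = re.compile(r"([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+")


def _range_header(headers):
    """Case-insensitive lookup mirroring %{HTTP:Range}; "" when absent."""
    return next((v for k, v in headers.items() if k.lower() == "range"), "")


def blocked_by_rewrite_rule(method, headers):
    """True if the quoted workaround would answer 403 ([F]) for this request.

    An absent Range header expands to "", which the second RewriteCond
    cannot match, so such requests pass through untouched.
    """
    if not METHOD_RE.search(method):
        return False
    return MULTI_RANGE_RE.search(_range_header(headers)) is not None


def count_ranges(range_value):
    """Number of byte-range-specs in a Range value ("bytes=a-b,c-d" -> 2)."""
    if not range_value:
        return 0
    _, _, specs = range_value.partition("=")
    return len([s for s in specs.split(",") if s.strip()])


def blocked_by_threshold(method, headers, max_ranges=5):
    """Hypothetical stricter variant (my assumption, not from the thread):
    keep small, legitimate multi-range requests and reject only requests
    whose Range header carries more than `max_ranges` ranges."""
    if not METHOD_RE.search(method):
        return False
    return count_ranges(_range_header(headers)) > max_ranges


# Constructed sample requests, not captured traffic.
SAMPLES = {
    "no_range":        ("GET",  {}),
    "single_range":    ("GET",  {"Range": "bytes=0-"}),
    "two_ranges":      ("GET",  {"Range": "bytes=0-1,5-"}),
    "overlapping":     ("HEAD", {"Range": "bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5"}),
    "many_ranges":     ("GET",  {"range": "bytes=0-," + ",".join("5-%d" % i for i in range(1300))}),
    "post_multirange": ("POST", {"Range": "bytes=0-,5-0,5-1"}),
}


def evaluate(samples=SAMPLES):
    """Map each sample name to (blocked_by_rewrite_rule, blocked_by_threshold)."""
    return {name: (blocked_by_rewrite_rule(method, headers),
                   blocked_by_threshold(method, headers))
            for name, (method, headers) in samples.items()}


if __name__ == "__main__":
    for name, (rewrite, threshold) in evaluate().items():
        print("%-16s rewrite_rule=%-5s threshold=%s" % (name, rewrite, threshold))
```

The two_ranges sample is the one to look at: the quoted rule rejects it even though a two-range request is normal HTTP, which is the coarseness xd's reply points at. The POST sample shows the other side of the same rule: the method condition means only GET and HEAD are ever examined.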