> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Mittwoch, 24. August 2011 14:59
> To: dev@httpd.apache.org
> Subject: Re: Mitigation Range header (Was: DoS with
> mod_deflate & range requests)
>
> > Of course it should
> Of course it should have been:
>
> RewriteCond %{HTTP:range} !^bytes=[^,]+(,[^,]+){0,4}$
> RewriteRule .* - [F]
The problem with the negation is you need an addl rule to handle an
empty range header, this would forbid normal non-range requests.
--
Eric Covener
cove...@gmail.com
> -Original Message-
> From: Dirk-Willem van Gulik [mailto:di...@webweaving.org]
> Sent: Mittwoch, 24. August 2011 14:14
> To: dev@httpd.apache.org
> Subject: Re: Mitigation Range header (Was: DoS with
> mod_deflate & range requests)
>
>
> On 24 Aug 20
> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Mittwoch, 24. August 2011 14:05
> To: dev@httpd.apache.org
> Subject: Re: Mitigation Range header (Was: DoS with
> mod_deflate & range requests)
>
> On Wed, Aug 24, 2011 at 7:57
On 24 Aug 2011, at 12:57, Plüm, Rüdiger, VF-Group wrote:
>> -> Where possible - disable mod_deflate
>>
>> => we sure this covers all cases - or this is a good stopgap ?
>
> As said this has *nothing* to do with mod_deflate. This was IMHO just
> a guess by the original author of the
On Wed, Aug 24, 2011 at 7:57 AM, "Plüm, Rüdiger, VF-Group"
wrote:
>
>
>> -Original Message-
>> From: Dirk-Willem van Gulik
>> Sent: Mittwoch, 24. August 2011 13:33
>> To: dev@httpd.apache.org
>> Subject: Mitigation Range header (Was: DoS with mod_deflate &
>> range requests)
>>
>> Folks,
>
> -Original Message-
> From: Dirk-Willem van Gulik
> Sent: Mittwoch, 24. August 2011 13:33
> To: dev@httpd.apache.org
> Subject: Mitigation Range header (Was: DoS with mod_deflate &
> range requests)
>
> Folks,
>
> This issue is now active in the wild. So some unified/simple
> comms