Paweł, Can you confirm that sending a request with an overlapping byte range e.g.:
HEAD / HTTP/1.1 Host: localhost Range:bytes=1-15,10-35,8-9,14-22,0-5,23- Accept-Encoding: gzip Connection: close returns "200 OK"? Perhaps you could report what modules you have loaded? "apache2ctl -t -D DUMP_MODULES" will do it. I'm going to leave this bug open and make it public, as I've received another report via email of a lucid user claiming that the update didn't help their system, either, and if possible, I'd like them to chime in here, too. ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/839569 Title: Apache2 is still Range header DoS vulnerable if gzip compression is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/839569/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs