[Full-disclosure] Apache Killer
jan.gehring at inovex.de
Wed Aug 24 10:26:10 BST 2011
On 08/24/2011 11:04 AM, Davide Guerri wrote:
> Hi Sex (lol, weird thing to say),
> I agree with you.
> Moreover, this kind of filtering likely can't be used as-is for every apache installation.
> However, it will hopefully prevent kiddies to pwn our web servers. :)
Using mod_headers with
RequestHeader unset Range
should work, too. At least it works for me (Debian Lenny, Apache 2.2.9).
If you have no download site it should be okay.
Full-Disclosure is hosted and sponsored by Secunia.