[Full-disclosure] Apache Killer
Jan Gehring
jan.gehring at inovex.de
Wed Aug 24 10:26:10 BST 2011
On 08/24/2011 11:04 AM, Davide Guerri wrote:
> Hi Sex (lol, weird thing to say),
> I agree with you.
> Moreover, this kind of filtering likely can't be used as-is for every Apache installation.
>
> However, it will hopefully prevent kiddies from pwning our web servers. :)
>
> Cheers,
> Davide.
>
Using mod_headers with

    RequestHeader unset Range

should work, too. At least it works for me (Debian Lenny, Apache 2.2.9).
If you have no download site it should be okay.
Regards,
Jan
Full-Disclosure is hosted and sponsored by Secunia.
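
A way to confirm on a server you administer that the `RequestHeader unset Range` directive from the message above is in effect, as an added example that is not part of the original post. The function names and the sample header blocks are constructed for illustration; it assumes `curl` and `awk` are installed and that the URL passed in points at a static file.

```sh
#!/bin/sh
# Added example (not from the original post): check whether a server still
# processes the Range request header after "RequestHeader unset Range".

# classify_range_response: reads HTTP response headers on stdin and prints
#   honored  - 206 or Content-Range seen, so Range is still processed
#   stripped - 200 with the full entity, so Range was dropped before handling
#   unknown  - anything else (error, redirect only, empty input)
classify_range_response() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        # Several header blocks may appear (redirects); judge the last one.
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { status = $2; cr = 0; next }
        tolower($0) ~ /^content-range:/  { cr = 1 }
        END {
            if (status == "206" || cr)  print "honored"
            else if (status == "200")   print "stripped"
            else                        print "unknown"
        }'
}

# check_url URL: a single GET asking for one byte of a static file.
check_url() {
    curl -s -o /dev/null -D - -H 'Range: bytes=0-0' "$1" | classify_range_response
}

# Constructed sample responses: before and after the directive is applied.
sample_before() {
    printf 'HTTP/1.1 206 Partial Content\r\nContent-Range: bytes 0-0/1024\r\nContent-Length: 1\r\n\r\n'
}
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nContent-Length: 1024\r\n\r\n'
}

# Usage: sh check_range.sh http://your-server.example/static-file
case "${1:-}" in
    http://*|https://*) check_url "$1" ;;
esac
```

A result of `stripped` also shows the trade-off mentioned in the post: clients get the whole file on every request, so resumable downloads stop working.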