|
Full Disclosure
mailing list archives
Re: Apache Killer
From: Jan Gehring <jan.gehring () inovex de>
Date: Wed, 24 Aug 2011 11:26:10 +0200
On 08/24/2011 11:04 AM, Davide Guerri wrote:
Hi Sex (lol, weird thing to say),
I agree with you.
Moreover, this kind of filtering likely can't be used as-is for every apache installation.
However, it will hopefully prevent kiddies to pwn our web servers. :)
Cheers,
Davide.
Using mod_headers with
RequestHeader unset Range
should work, too. At least it works for me (Debian Lenny, Apache 2.2.9).
If you have no download site it should be okay.
Regards,
Jan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Apache Killer Carlos Alberto Lopez Perez (Aug 24)
(Thread continues...)
|
