httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47417] Apache Web Server 2.2.11 Incomplete HTTP Header Resource Exhaustion Vulnerability
Date Wed, 24 Jun 2009 20:39:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47417


Will Rowe <wrowe@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Will Rowe <wrowe@apache.org>  2009-06-24 13:39:38 PST ---
This is by design; see LimitRequest* directives for mitigation, especially;

http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields

The httpd group is reviewing alternatives for timeout processing, but is
already well aware of similar complaints.  In the interim, see iptables and
similar firewall tools and appliances to restrict abusive behavior patterns
at the IP and TCP layers, and LimitRequestFields etc to control the number
of headers expected by your specific environment.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message