httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 47417] Apache Web Server 2.2.11 Incomplete HTTP Header Resource Exhaustion Vulnerability
Date Wed, 24 Jun 2009 20:39:40 GMT

Will Rowe <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Will Rowe <>  2009-06-24 13:39:38 PST ---
This is by design; see LimitRequest* directives for mitigation, especially;

The httpd group is reviewing alternatives for timeout processing, but is
already well aware of similar complaints.  In the interim, see iptables and
similar firewall tools and appliances to restrict abusive behavior patterns
at the IP and TCP layers, and LimitRequestFields etc to control the number
of headers expected by your specific environment.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message