httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guenter Knauf <fua...@apache.org>
Subject Re: CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2 (NEAR FINAL DRAFT-4)
Date Wed, 24 Aug 2011 14:34:11 GMT
Dirk,
Am 24.08.2011 15:23, schrieb Dirk-WIllem van Gulik:
> 4)	Deploy a Range header count module as a temporary stopgap measure:
>
> 	http://people.apache.org/~dirkx/mod_rangecnt.c
can you please apply:
--- mod_rangecnt.c.orig	Wed Aug 24 16:25:34 2011
+++ mod_rangecnt.c	Wed Aug 24 15:26:48 2011
@@ -22,6 +22,7 @@
  #include "httpd.h"
  #include "http_config.h"
  #include "http_log.h"
+#include "http_protocol.h"

  #ifndef MAXRANGEHEADERS
  #define MAXRANGEHEADERS (5)

which I need on NetWare in order to get ap_hook_post_read_request() proto;

and maybe we should also add links to mod_rangecnt binaries?
for Netware:
http://people.apache.org/~fuankg/httpd/apache_2.2.x-mod_rangecnt.zip
http://people.apache.org/~fuankg/httpd/apache_2.0.x-mod_rangecnt.zip

Gregg, are you up to provide Win32 binaries too?

Gün.



Mime
View raw message