httpd-dev mailing list archives

From Eric Covener <cove...@gmail.com>
Subject Re: CVE-2011-3192: Range header DoS vulnerability in Apache 1.3 and Apache 2 (DRAFT-3)
Date Wed, 24 Aug 2011 13:17:37 GMT
> *       Is this the right list (and order) of the mitigations - or should ReWrite be first ?
FWIW I don't like rewrite first because it's so unruly with being
defined once per vhost + main server + RewriteEngine on.

I like RequestHeader simplicity, and could be combined with SetEnvIf
to only zap long malicious looking headers.
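
The RequestHeader plus SetEnvIf combination described above, as an added configuration example that is not part of the original message. The threshold of five commas, the variable name bad-range and the log file name are assumptions chosen for illustration.

```apache
# Added example, not from the original thread.
# Requires mod_setenvif and mod_headers to be loaded.
# Placed once in the main server config; unlike mod_rewrite rules,
# no per-vhost RewriteEngine on is needed.

# Flag requests whose Range header contains five or more commas,
# i.e. six or more byte ranges (threshold is an assumed value).
SetEnvIf Range (?:,.*?){5} bad-range=1

# Request-Range is the legacy equivalent of Range; flag it the same way.
SetEnvIf Request-Range (?:,.*?){5} bad-range=1

# Drop the header only on flagged requests, so ordinary single-range
# and small multi-range requests keep working. The request is then
# served as a normal full response instead of being rejected.
RequestHeader unset Range env=bad-range
RequestHeader unset Request-Range env=bad-range

# Optional: record flagged requests for later review
# (log path is a placeholder).
CustomLog logs/range-flagged.log common env=bad-range
```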
