httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Mitigation Range header (Was: DoS with mod_deflate & range requests)
Date Wed, 24 Aug 2011 14:17:51 GMT
 

> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com] 
> Sent: Mittwoch, 24. August 2011 14:59
> To: dev@httpd.apache.org
> Subject: Re: Mitigation Range header (Was: DoS with 
> mod_deflate & range requests)
> 
> > Of course it should have been:
> >
> > RewriteCond %{HTTP:range} !^bytes=[^,]+(,[^,]+){0,4}$
> > RewriteRule .* - [F]
> 
> The problem with the negation is you need an addl rule to handle an
> empty range header, this would forbid normal non-range requests.

Damn it. Got me again. How about this:


RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

Regards

Rüdiger


Mime
View raw message