References: <5A3B5F78-AEAF-4922-9C86-7669CCD18024@webweaving.org>
Date: Wed, 24 Aug 2011 08:58:52 -0400
Subject: Re: Mitigation Range header (Was: DoS with mod_deflate & range requests)
From: Eric Covener
To: dev@httpd.apache.org

> Of course it should have been:
>
> RewriteCond %{HTTP:range} !^bytes=[^,]+(,[^,]+){0,4}$
> RewriteRule .* - [F]

The problem with the negation is you need an addl rule to handle an
empty range header, this would forbid normal non-range requests.

-- 
Eric Covener
covener@gmail.com
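
The effect described in the reply above, modelled as an added example (not code from the thread or from httpd): the quoted pattern is evaluated against constructed header values, first with the negated condition alone and then with an extra non-empty check. The `!^$` guard condition, the function names and the sample requests are assumptions made for illustration.

```python
import re

# Pattern copied from the quoted RewriteCond: "bytes=" followed by one to
# five comma-separated range specs.
ALLOWED = re.compile(r"^bytes=[^,]+(,[^,]+){0,4}$")


def range_value(headers):
    """%{HTTP:range} expands to the empty string when no Range header is sent."""
    return headers.get("Range", "")


def forbidden_negated_only(headers):
    """RewriteCond %{HTTP:range} !<pattern>  +  RewriteRule .* - [F]"""
    return ALLOWED.search(range_value(headers)) is None


def forbidden_with_empty_guard(headers):
    """Same rule with an assumed extra condition: RewriteCond %{HTTP:range} !^$
    Consecutive RewriteCond lines are ANDed, so both must hold to forbid."""
    value = range_value(headers)
    return value != "" and ALLOWED.search(value) is None


# Constructed sample requests (header dicts), not taken from the thread.
SAMPLES = {
    "no Range header": {},
    "single range": {"Range": "bytes=0-99"},
    "five ranges": {"Range": "bytes=0-1,2-3,4-5,6-7,8-9"},
    "six ranges": {"Range": "bytes=0-1,2-3,4-5,6-7,8-9,10-11"},
}


def evaluate():
    """Return {label: (forbidden by negated-only rule, forbidden with guard)}."""
    return {
        label: (forbidden_negated_only(h), forbidden_with_empty_guard(h))
        for label, h in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, (plain, guarded) in evaluate().items():
        print(f"{label:16} negated-only={plain!s:5} with-guard={guarded}")
```

Only the request without a Range header changes outcome between the two columns; the six-range request is rejected either way.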