httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehezkel Horowitz <>
Subject RequestHeader early with CVE-2011-3192
Date Thu, 01 Sep 2011 13:58:07 GMT

In case I don't want to support "Range" and "Request-Range" headers at all, would it be safe
to remove those headers in the early processing hook?

Something like:
RequestHeader unset Range early
RequestHeader unset Range-Request early

I'm asking because the documentation of mod_headers recommends not using the early mode in
an operational server.


Yehezkel Horowitz
Check Point Software Technologies Ltd.

View raw message