author | Silvio Rhatto <rhatto@riseup.net> | 2011-08-25 19:53:21 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-08-25 19:53:21 -0300 |
commit | ff8478731d6a93cd22d06a1c4769bdc095fedaf0 (patch) | |
tree | 01b4e5f6be8ff09ca132d67e8338b2c72ce6b9b8 | |
parent | 628f80926a4187d76a8dddb0c0a1d37305706ca2 (diff) | |
download | puppet-apache-ff8478731d6a93cd22d06a1c4769bdc095fedaf0.tar.gz puppet-apache-ff8478731d6a93cd22d06a1c4769bdc095fedaf0.tar.bz2 |
Mitigation for CVE-2011-3192
-rw-r--r-- | templates/apache2.conf.erb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb index ee28bdc..e387ea8 100644 --- a/templates/apache2.conf.erb +++ b/templates/apache2.conf.erb @@ -89,6 +89,13 @@ MaxKeepAliveRequests 100 # KeepAliveTimeout 15 +# Drop the Range header when more than 5 ranges. +# CVE-2011-3192 +# See http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser +# TODO: remove this when a fix is released +SetEnvIf Range (,.*?){5,} bad-range=1 +RequestHeader unset Range env=bad-range + ## ## Server-Pool Size Regulation (MPM specific) ## |
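Review bot: The added `RequestHeader unset Range env=bad-range` line depends on mod_headers, and the `SetEnvIf` line above it on mod_setenvif, but the template emits both unconditionally. On a node where mod_headers is not loaded, Apache will refuse to start with a configuration syntax error. Either wrap the two directives in `<IfModule mod_headers.c>` or have the Puppet module ensure mod_headers is enabled before this template is deployed. The latter is safer, since an IfModule guard would silently drop the mitigation on hosts without the module. Two smaller points on the comment block: the "See" URL points at the monthly archive browser rather than the specific advisory message, so a direct link would help whoever acts on the TODO, and the TODO would be easier to close if it named the condition for removal (for example the fixed httpd version once it is known).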