From c4858ebfa999ba902deac5f2d7b5c26ffe97f8b2 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 1 Sep 2011 10:13:10 -0300
Subject: Remove CVE-2011-3192 workaround

---
 templates/apache2.conf.erb | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'templates')

diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb
index e387ea8..ee28bdc 100644
--- a/templates/apache2.conf.erb
+++ b/templates/apache2.conf.erb
@@ -89,13 +89,6 @@ MaxKeepAliveRequests 100
 #
 KeepAliveTimeout 15
 
-# Drop the Range header when more than 5 ranges.
-# CVE-2011-3192
-# See http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser
-# TODO: remove this when a fix is released
-SetEnvIf Range (,.*?){5,} bad-range=1
-RequestHeader unset Range env=bad-range
-
 ##
 ## Server-Pool Size Regulation (MPM specific)
 ## 
-- 
cgit v1.2.3