Full Disclosure mailing list archives

Re: Apache Killer

From: Jan Gehring <jan.gehring () inovex de>
Date: Wed, 24 Aug 2011 11:26:10 +0200

On 08/24/2011 11:04 AM, Davide Guerri wrote:

Hi Sex (lol, weird thing to say),
I agree with you.
Moreover, this kind of filtering likely can't be used as-is for every apache installation.

However, it will hopefully prevent kiddies to pwn our web servers. :)

Cheers,
  Davide.


Using mod_headers with

    RequestHeader unset Range

should work, too. At least it works for me (Debian Lenny, Apache 2.2.9). 
If you have no download site it should be okay.


Regards,

Jan


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Apache Killer, (continued)
- - - Re: Apache Killer Michal Zalewski (Aug 24)
    - Re: Apache Killer root (Aug 24)
    - Re: Apache Killer Dan Kaminsky (Aug 24)
    - Re: Apache Killer root (Aug 24)
    - Re: Apache Killer Dan Kaminsky (Aug 24)
    - Re: Apache Killer root (Aug 25)
    - Re: Apache Killer -= Glowing Sex =- (Aug 23)
    - Re: Apache Killer Davide Guerri (Aug 24)
    - Re: Apache Killer -= Glowing Sex =- (Aug 24)
    - Re: Apache Killer Davide Guerri (Aug 24)
    - Re: Apache Killer Jan Gehring (Aug 24)
    - Re: Apache Killer Jari Fredriksson (Aug 24)
    - Re: Apache Killer Davide Guerri (Aug 24)
    - Re: Apache Killer Jari Fredriksson (Aug 24)
    - Re: Apache Killer ZOne (Aug 25)
    - Re: Apache Killer Marco Ermini (Aug 25)
    - Re: Apache Killer David (Aug 25)
  - Re: Apache Killer Carlos Alberto Lopez Perez (Aug 24)
    - Re: Apache Killer Douglas Huff (Aug 24)
    - Re: Apache Killer Douglas Huff (Aug 24)
    - Re: Apache Killer Davide Guerri (Aug 24)

(Thread continues...)