[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grave apache dos possible through byterange requests

On 24/08/11 12:13, Carlos Alberto Lopez Perez wrote:
> You can use the following redirect as a temporally workaround:
> # a2enmod rewrite
> RewriteEngine On
> RewriteCond %{HTTP:Range} bytes=0-.* [NC]
> RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]

Sorry, the above redirect is wrong. It won't work if the attacker
changes bytes=0 to bytes=1 for example in the perl exploit. Also it only
blocks the check that the exploit uses to see if the server is
vulnerable, but not the range requests that is where the real problem is.

Please use the following one instead (suggested at full-disclosure[1]):

RewriteEngine On
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
RewriteRule .* - [F]


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: