On 24/08/11 12:13, Carlos Alberto Lopez Perez wrote: > You can use the following redirect as a temporally workaround: > > # a2enmod rewrite > > RewriteEngine On > RewriteCond %{HTTP:Range} bytes=0-.* [NC] > RewriteRule .? http://%{SERVER_NAME}/ [R=302,L] > Sorry, the above redirect is wrong. It won't work if the attacker changes bytes=0 to bytes=1 for example in the perl exploit. Also it only blocks the check that the exploit uses to see if the server is vulnerable, but not the range requests that is where the real problem is. Please use the following one instead (suggested at full-disclosure[1]): RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC] RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+ RewriteRule .* - [F] -------- [1] http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082365.html
Attachment:
signature.asc
Description: OpenPGP digital signature