2011/8/24 Carlos Alberto Lopez Perez <clo...@igalia.com> > On 24/08/11 08:53, Dirk Hartmann wrote: > > Hi, > > > > it is possible to dos a actual squeeze-apache2 with easy to forge > > rage-requests: > > > > > http://lists.grok.org.uk/pipermail/full-disclosure/2011-August/082299.html > > > > Apache-devs are working on a solution: > > > > http://www.gossamer-threads.com/lists/apache/dev/401638 > > > > But because the situation seems serious I thought I give you a heads up. > > > > Running this script against a squeeze machine with 8 Cores and 24GB Ram > you > > only need 200 threads to kick it out of memory. > > > > Cheers > > Dirk > > > > You can use the following redirect as a temporally workaround: > > # a2enmod rewrite > > RewriteEngine On > RewriteCond %{HTTP:Range} bytes=0-.* [NC] > RewriteRule .? http://%{SERVER_NAME}/ [R=302,L] > > I'm not an Apache expert, could you please explain in broad terms what does the workaround does?
Thanks a lot, Andrea -- *Andrea Zwirner* *email:* and...@linkspirit.org *cell:* +39 366 1872016 *Linkspirit Sistemi Informatici* *Applicazioni raffinate della scienza informatica* Via Delle Industrie 5 - 33050 Ronchis UD *tel:* +39 0432 1845030 - *fax:* +39 0432 309903 *web:* www.linkspirit.it - *email:* i...@linkspirit.it
