On 26 Aug. 2011, at 13:22, linbloke wrote:

> I'm curious as to why you suggest option 2 over option 1 from the Apache
> advisory? My guess is that it is compatible with version 1.3 and 2.x and that
> it has stronger enforcement of the syntax (by requiring ^bytes=) rather than
> just 5 comma separated fields.

...

> RequestHeader unset Range env=bad-range

Correct; env=bad-range is not functional until midway through the 2.x (2.2) series.

> I don't want to touch every virtualhost config and Rewrite rules scare me too.

A rewrite rule requires more care - as it may get negated deeper down. RequestHeader and SetEnvIf are more robust.

Dw.