All,

On 2/4/2011 9:05 PM, Mark Thomas wrote:
> All users are recommended to upgrade to a Tomcat version with the
> work-around. Users unable to upgrade can filter malicious requests via a
> Servlet filter, an httpd re-write rule (if Tomcat is behind an httpd
> reverse proxy) or other filtering as available.

For those who might need a bit of help implementing a workaround, here
is one that uses mod_rewrite to kill these kinds of requests:

    # Match an Accept-Language quality value of 10 or more digits/dots
    RewriteCond "%{HTTP:Accept-Language}" "q=[0-9.]{10,}"
    RewriteRule .* / [L,E=no-jk:1,R=400]

I chose "10" arbitrarily as the cutoff for the quality indicator, and
"400 Bad Request" as the response. Technically, this is a redirect but
it replies with a 400 status code. I also have the "no-jk" environment
variable set which will cause mod_jk to ignore such requests. It's not
really necessary, but it doesn't hurt.

Hope that helps,
-chris