Skip to content

Instantly share code, notes, and snippets.

@mattdeboard

mattdeboard/apache2.conf

Created August 25, 2011 13:22
Show Gist options
  • Save mattdeboard/1170639 to your computer and use it in GitHub Desktop.
Save mattdeboard/1170639 to your computer and use it in GitHub Desktop.
Download ZIP
Apache2.conf patch
Raw
apache2.conf
<snip>
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
# bad-range logging
CustomLog logs/range-CVE-2011-3192.log common env=bad-range
</snip>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment