CentOS 5 ships with Apache 2.2.12 by default. Security releases that affect this version are documented here.
Denial of service attack. Some mitigation options exist.
RequestHeader unset Range
Note that this may break certain clients - such as those used for e-Readers and progressive/http-streaming video.
Furthermore, to ignore the legacy header specific to Netscape Navigator 2-3 and MSIE 3, add:
RequestHeader unset Request-Range
Denial of service attack.
Setting the IgnoreClient option to the IndexOptions directive disables processing of the client-supplied request query arguments, preventing this attack.
IndexOptions IgnoreClient
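
To confirm that the three directives above are actually active (not commented out or negated) in a configuration file, a small audit script helps. This is an added example, not part of the original page; the function names `has_directive` and `audit_httpd_conf` and the sample config are constructed for illustration, and only the single file passed in is read.

```shell
#!/bin/sh
# Added example: audit an Apache config for the three mitigations on this page.
# Limitation (assumption): only the given file is read; Include'd files and
# quoted arguments such as "Range" are not followed or recognised.

# has_directive FILE ERE: true if an uncommented line matches, case-insensitively.
has_directive() {
    grep -Eiq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_httpd_conf FILE: prints each missing mitigation; returns 0 only if all are set.
audit_httpd_conf() {
    conf=$1
    missing=0
    ws='[[:space:]]+'
    has_directive "$conf" "RequestHeader${ws}unset${ws}Range" ||
        { echo "missing: RequestHeader unset Range"; missing=1; }
    has_directive "$conf" "RequestHeader${ws}unset${ws}Request-Range" ||
        { echo "missing: RequestHeader unset Request-Range"; missing=1; }
    # IndexOptions takes several options on one line; IgnoreClient may carry a
    # leading '+', while '-IgnoreClient' switches it off and must not count.
    has_directive "$conf" "IndexOptions(${ws}[^[:space:]]+)*${ws}\\+?IgnoreClient" ||
        { echo "missing: IndexOptions IgnoreClient"; missing=1; }
    return "$missing"
}

# Constructed sample: one mitigation is commented out, one is negated.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
LoadModule headers_module modules/mod_headers.so
RequestHeader unset Range
# RequestHeader unset Request-Range
IndexOptions FancyIndexing -IgnoreClient
EOF

if audit_httpd_conf "$demo_conf"; then
    echo "all mitigations present"
else
    echo "sample config needs attention"
fi
rm -f "$demo_conf"
```

Run it against each file that the main configuration pulls in, since a directive set in an included file will not be seen when only the top-level file is checked.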