Differences

This shows you the differences between two versions of the page.


centos_apache_security [2011/10/13 16:33] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== CentOS: Apache Security ======
 +
 +  * [[Apache]]
 +  * [[Apache Security]]
 +
 +CentOS 5 ships with Apache 2.2.12 by default.  Security releases that affect this version are documented here.
 +
 +==== 2.2.20 - Range header DoS vulnerability ====
 +
 +  * [[http://httpd.apache.org/security/CVE-2011-3192.txt|CVE-2011-3192]]
 +
 +Denial of service attack.  Some mitigation options exist.
 +
 +== Use mod_headers to completely dis-allow the use of Range headers ==
 +
 +<code>
 +RequestHeader unset Range
 +</code>
 +
 +Note that this may break certain clients - such as those used for e-Readers and progressive/http-streaming video.
 +
 +Furthermore to ignore the Netscape Navigator 2-3 and MSIE 3 specific legacy header - add:
 +
 +<code>RequestHeader unset Request-Range</code>
 +
 +==== 2.2.19 - apr_fnmatch flaw leads to mod_autoindex remote DoS ====
 +
 +Denial of service attack.
 +
 +Setting the ''IgnoreClient'' option to the ''IndexOptions'' directive disables processing of the client-supplied request query arguments, preventing this attack.
 +
 +<code>IndexOptions IgnoreClient</code>
 +
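Review bot: The 2.2.19 section (apr_fnmatch / mod_autoindex) carries no advisory link, while the 2.2.20 section links CVE-2011-3192; add the matching CVE reference so both entries can be checked against upstream. In the 2.2.20 section, "Some mitigation options exist" is followed by only one option (dropping Range entirely), and `RequestHeader unset Range` makes the configuration fail to load if mod_headers is not enabled, so either state that the module must be loaded or wrap both RequestHeader lines in an IfModule block. The intro says CentOS 5 ships 2.2.12 while the headings name upstream releases 2.2.19 and 2.2.20; the page should say how those upstream versions map to the packaged httpd, since a reader cannot tell from the text alone whether an updated package still needs these workarounds. Next to `IndexOptions IgnoreClient`, note the side effect (client-requested sorting of directory listings stops working), in the same way the Range note already warns about broken clients.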
  
