no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | centos_apache_security [2011/10/13 16:33] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== CentOS: Apache Security ====== | ||
+ | |||
+ | * [[Apache]] | ||
+ | * [[Apache Security]] | ||
+ | |||
+ | CentOS 5 ships with Apache 2.2.12 by default. | ||
+ | |||
+ | ==== 2.2.20 - Range header DoS vulnerability ==== | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | Denial of service attack. | ||
+ | |||
+ | == Use mod_headers to completely dis-allow the use of Range headers == | ||
+ | |||
+ | < | ||
+ | RequestHeader unset Range | ||
+ | </ | ||
+ | |||
+ | Note that this may break certain clients - such as those used for e-Readers and progressive/ | ||
+ | |||
+ | Furthermore to ignore the Netscape Navigator 2-3 and MSIE 3 specific legacy header - add: | ||
+ | |||
+ | < | ||
+ | |||
+ | ==== 2.2.19 - apr_fnmatch flaw leads to mod_autoindex remote DoS ==== | ||
+ | |||
+ | Denial of service attack. | ||
+ | |||
+ | Setting the '' | ||
+ | |||
+ | < | ||
+ | |||