Apache - disable range requests - disadvantages?
Some applications that make requests to sites directly like to use ranges - I believe Adobe Reader is a good example.
You can grep through your Apache logs looking for 206
partial response codes to see if anyone's actually using ranges for your site.
For a workaround for this exploit, I'd say use the one recommended by Apache, which simply blocks ranges when there's more than 5 sets requested - which should leave any normal range requests unaffected, but block malicious ones:
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range