Apache - disable range requests - disadvantages?

Some applications that make requests to sites directly like to use ranges - I believe Adobe Reader is a good example.

You can grep through your Apache logs looking for 206 partial response codes to see if anyone's actually using ranges for your site.

For a workaround for this exploit, I'd say use the one recommended by Apache, which simply blocks ranges when there's more than 5 sets requested - which should leave any normal range requests unaffected, but block malicious ones:

SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

Having users su/sudo in Linux based on Active Directory group when using pam_winbind

Why does the .NET Folder.CopyHere Method not allow dialog suppression for .ZIP files when run within a SQL Server Agent PowerShell job step?

What exactly does SuPHP do?

Traceroute hits destination on fourth hop, then does 15 more

SL6: Non-standard home directories, Error: `Could not chdir to home directory` upon login, but `cd $HOME` works?

How does ping work when a host name has multiple ip addresses?

How to keep the Amazon EBS Backed AMI persistent?

Setting up sub-domains with 123-reg.co.uk

Off site laptop usage policy enforcement, what are the trends and applications available?

How to change back /etc/sudoers file right to 0440?

Amazon EC2 gui access?

Duplicating an ESXi host to another ESXi host as a backup solution

Apache - disable range requests - disadvantages?

Related

Recent Posts