Hi,
Recently found out my server was vulnerable:
http://httpd.apache....E-2011-3192.txt
I now fixed it with some extra rules in my htaccess file;
RequestHeader unset Range
RequestHeader unset Request-Range
And it works; however, I don't feel this is the best solution and it's not server-wide. I'm actually not sure if adding these lines to apache2.conf would help.
Another fix I tried (using mod_rewrite) didn't work when I put it in apache2.conf.
I run Debian squeeze, and it says a patch was already available, but I ran:
apt-get update + upgrade but that did not solve any problems for me
Debian version 6.03
apache version: Apache/2.2.16 (Debian)
Does anybody know steps for a better solution?
Thanks
P.S. If you haven't checked your server, I would advise you to do so. The tool is here:
http://seclists.org/...re/2011/Aug/175
Apache Killer fixing
#2
Posted 02 December 2011 - 12:31 AM
SteveSRS, on 01 December 2011 - 11:53 PM, said:
Hi,
Recently found out my server was vulnerable:
http://httpd.apache....E-2011-3192.txt
I now fixed it with some extra rules in my htaccess file;
RequestHeader unset Range
RequestHeader unset Request-Range
And it works; however, I don't feel this is the best solution and it's not server-wide. I'm actually not sure if adding these lines to apache2.conf would help.
Another fix I tried (using mod_rewrite) didn't work when I put it in apache2.conf.
I run Debian squeeze, and it says a patch was already available, but I ran:
apt-get update + upgrade but that did not solve any problems for me
Debian version 6.03
apache version: Apache/2.2.16 (Debian)
Does anybody know steps for a better solution?
Thanks
P.S. If you haven't checked your server, I would advise you to do so. The tool is here:
http://seclists.org/...re/2011/Aug/175
Edit:
I noticed that just after changing to the solution mentioned above I got a 500 error on my site due to those lines; it didn't matter whether they were in htaccess or apache2.conf.
So for me only this one works:
RewriteCond %{HTTP:Range} bytes=0-.* [NC]
RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]
in htaccess
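
Added example, not part of the thread and not Apache's own code: a Python comparison of which Range headers the RewriteCond pattern from the edit above matches, next to a check that counts the ranges in the header instead. The sample headers, the `MAX_RANGES = 5` threshold and all function names are assumptions made for this example.

```python
import re

# RewriteCond pattern from the post. mod_rewrite patterns are unanchored
# regexes and [NC] makes the match case-insensitive.
POSTED_RULE = re.compile(r"bytes=0-.*", re.IGNORECASE)
MAX_RANGES = 5  # assumed threshold; tune to what your real clients send
RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(header):
    """Return [(first, last), ...] for a Range header, or None if malformed."""
    unit, sep, rest = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    specs = []
    for part in rest.split(","):
        m = RANGE_SPEC.match(part.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None  # empty or non-numeric range spec
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        specs.append((first, last))
    return specs

def count_based_verdict(header):
    """'block' for malformed or many-range headers, otherwise 'allow'."""
    specs = parse_ranges(header)
    return "block" if specs is None or len(specs) > MAX_RANGES else "allow"

def posted_rule_verdict(header):
    """'redirect' if the posted RewriteCond would match, otherwise 'pass'."""
    return "redirect" if POSTED_RULE.search(header) else "pass"

# Constructed sample headers, not captured traffic.
SAMPLES = {
    "resume from start": "bytes=0-",
    "first 500 bytes": "bytes=0-499",
    "resume mid-file": "bytes=1000-",
    "two ranges": "bytes=0-99,500-599",
    "forty ranges": "bytes=" + ",".join(f"{i*10}-{i*10+9}" for i in range(40)),
}

def compare():
    """Map each sample name to (posted rule verdict, count-based verdict)."""
    return {n: (posted_rule_verdict(h), count_based_verdict(h))
            for n, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, (posted, counted) in compare().items():
        print(f"{name:20} posted={posted:9} count={counted}")
```

The output shows that the posted pattern also redirects ordinary single-range requests that start at byte 0 (download resumes, partial fetches), while a count-based check lets them through and only rejects headers carrying many ranges.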