add temporary fix on champagne for CVE-2011-3192

author: Nicolas Vigier <boklm@mageia.org> 2012-05-31 23:05:13 +0000
committer: Nicolas Vigier <boklm@mageia.org> 2012-05-31 23:05:13 +0000
commit: ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5 (patch)
tree: d46f0fc4058c0e5250bc9e16d7a9b26f6bc5c286 /modules/apache/templates
parent: 6f99926171e989a0862cded41a1e3fdcdb16c599 (diff)
download: puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar
puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.gz
puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.bz2
puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.xz
puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/apache/templates/CVE-2011-3192.conf b/modules/apache/templates/CVE-2011-3192.conf
new file mode 100644
index 00000000..25751adc
--- /dev/null
+++ b/modules/apache/templates/CVE-2011-3192.conf
@@ -0,0 +1,12 @@
+          # Drop the Range header when more than 5 ranges.
+          # CVE-2011-3192
+          SetEnvIf Range (?:,.*?){5,5} bad-range=1
+          RequestHeader unset Range env=bad-range
+
+          # We always drop Request-Range; as this is a legacy
+          # dating back to MSIE3 and Netscape 2 and 3.
+          #
+          RequestHeader unset Request-Range
+
+          # optional logging.
+          CustomLog logs/range-CVE-2011-3192.log common env=bad-range
author	Nicolas Vigier <boklm@mageia.org>	2012-05-31 23:05:13 +0000
committer	Nicolas Vigier <boklm@mageia.org>	2012-05-31 23:05:13 +0000
commit	ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5 (patch)
tree	d46f0fc4058c0e5250bc9e16d7a9b26f6bc5c286 /modules/apache/templates
parent	6f99926171e989a0862cded41a1e3fdcdb16c599 (diff)
download	puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.gz puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.bz2 puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.tar.xz puppet-ba8e3a7ad2195b5d7fd6624c988c9d263f1547e5.zip