Diffstat (limited to 'modules/apache/templates/CVE-2011-3192.conf')
-rw-r--r--modules/apache/templates/CVE-2011-3192.conf12
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/apache/templates/CVE-2011-3192.conf b/modules/apache/templates/CVE-2011-3192.conf
new file mode 100644
index 00000000..25751adc
--- /dev/null
+++ b/modules/apache/templates/CVE-2011-3192.conf
@@ -0,0 +1,12 @@
+ # Drop the Range header when more than 5 ranges.
+ # CVE-2011-3192
+ SetEnvIf Range (?:,.*?){5,5} bad-range=1
+ RequestHeader unset Range env=bad-range
+
+ # We always drop Request-Range; as this is a legacy
+ # dating back to MSIE3 and Netscape 2 and 3.
+ #
+ RequestHeader unset Request-Range
+
+ # optional logging.
+ CustomLog logs/range-CVE-2011-3192.log common env=bad-range
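Review bot: The `CustomLog logs/range-CVE-2011-3192.log common env=bad-range` line at the end of the new file may record fewer hits than expected, because mod_log_config does not apply a server-level `CustomLog` to a virtual host that declares its own `CustomLog` or `TransferLog`. Where this template is included is not visible here, so if it is loaded at server level the Range header would presumably still be stripped for such vhosts but nothing would be logged for them. The conventional `common` format also carries no User-Agent, which makes the log less useful for triage, and the line relies on a `common` nickname being defined elsewhere. The directives additionally depend on mod_setenvif and mod_headers being loaded, so a header comment such as `# Workaround for CVE-2011-3192; requires mod_setenvif and mod_headers. Remove once httpd carries the upstream fix.` would document both the dependency and the intended lifetime. As a small style point, `{5,5}` can be written `{5}`.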