modules/apache/templates/CVE-2011-3192.conf


1
2
3
4
5
6
7
8
9
10
11
12

          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (?:,.*?){5,5} bad-range=1
          RequestHeader unset Range env=bad-range

          # We always drop Request-Range; as this is a legacy
          # dating back to MSIE3 and Netscape 2 and 3.
          #
          RequestHeader unset Request-Range

          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range