[Box-Admins] Workaround configured for potential Apache DOS issue
Ken Causey
ken at kencausey.com
Thu Aug 25 15:44:21 UTC 2011
I noticed a report of a potential new DOS (apparently already being
exploited) for all versions of Apache this morning.
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E
I have installed the Option 2 workaround in /etc/apache2/apache2.conf.
I tried the Option 1 first but apache complains that RequestHeader unset
require two arguments which contradicts the documentation. But then I
found
http://people.apache.org/~dirkx/CVE-2011-3192.txt
another version of this same announcement. Newer? I don't know. But
it says to use Option 1 only for Apache 2.2.
Ken
More information about the Box-Admins
mailing list