[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Advisory: Range header DoS vulnerability
From: Andrew Farmer <andfarm () gmail ! com>
Date: 2011-08-29 23:39:59
Message-ID: BAE87C07-EA57-4198-A465-8AB57FE16CE6 () gmail ! com
[Download RAW message or body]
On 2011-08-26, at 08:12, Nikolay Kichukov wrote:
> Hi,
> This one works like charm on my debian stable
>
> LimitRequestFieldSize 200
>
> in the apache2.conf as global directive for all vhosts.
Be cautious about applying this mitigation -- it *will* break applications which use large \
cookies. In particular, the cookies generated by Google Analytics are often over 200 bytes long \
alone. _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic