'Re: [Full-disclosure] Advisory: Range header DoS vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Advisory: Range header DoS vulnerability
From:       Andrew Farmer <andfarm () gmail ! com>
Date:       2011-08-29 23:39:59
Message-ID: BAE87C07-EA57-4198-A465-8AB57FE16CE6 () gmail ! com
[Download RAW message or body]

On 2011-08-26, at 08:12, Nikolay Kichukov wrote:
> Hi,
> This one works like charm on my debian stable
> 
> LimitRequestFieldSize 200
> 
> in the apache2.conf as global directive for all vhosts.

Be cautious about applying this mitigation -- it *will* break applications which use large \
cookies. In particular, the cookies generated by Google Analytics are often over 200 bytes long \
alone. _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic