bugzilla at apache
Jun 24, 2009, 1:39 PM
Views: 437
Permalink
|
|
[Bug 47417] Apache Web Server 2.2.11 Incomplete HTTP Header Resource Exhaustion Vulnerability
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=47417
Will Rowe <wrowe[at]apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Will Rowe <wrowe[at]apache.org> 2009-06-24 13:39:38 PST ---
This is by design; see LimitRequest* directives for mitigation, especially;
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields
The httpd group is reviewing alternatives for timeout processing, but is
already well aware of similar complaints. In the interim, see iptables and
similar firewall tools and appliances to restrict abusive behavior patterns
at the IP and TCP layers, and LimitRequestFields etc to control the number
of headers expected by your specific environment.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org
|
[Bug 47417] Apache Web Server 2.2.11 Incomplete HTTP Header Resource Exhaustion Vulnerability
