Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Tue, Aug 23, 2011 at 8:09 AM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 22, 2011 at 07:57:10PM +0200, Baptiste wrote: Hi, Why not only dropping this Range:bytes=0- header? Agreed. Protecting against this vulnerability is not a matter of limiting connections or whatever. The attack

Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Wed, Aug 24, 2011 at 12:44 PM, Baptiste bed...@gmail.com wrote: On Tue, Aug 23, 2011 at 8:09 AM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 22, 2011 at 07:57:10PM +0200, Baptiste wrote: Hi, Why not only dropping this Range:bytes=0- header? Agreed. Protecting against this vulnerability

Re: Defending against the Apache killer

2011-08-24 Thread Cyril Bonté
Hi all, On Wednesday 24 August 2011 13:02:18 Baptiste wrote: (...) Since there is no hdr_size ACLs for now, the only way is to use a hdr_reg to do this: reqidel ^Range if { hdr_reg(Range) ([0-9]+-[0-9]+,){10,} } But the regexp above does not work (haproxy 1.5-dev6), the comma is not

Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Wed, Aug 24, 2011 at 1:44 PM, Cyril Bonté cyril.bo...@free.fr wrote: Hi all, On Wednesday 24 August 2011 13:02:18 Baptiste wrote: (...) Since there is no hdr_size ACLs for now, the only way is to use a hdr_reg to do this: reqidel ^Range if { hdr_reg(Range) ([0-9]+-[0-9]+,){10,} }

Re: Defending against the Apache killer

2011-08-23 Thread Willy Tarreau
On Mon, Aug 22, 2011 at 06:26:01PM +, Svancara, Randall wrote: This is nothing new as brute force DOS attacks have been around for a while. I am not sure this is an HA-Proxy feature or more of a MOD_SECURITY/iptables feature. Simple iptables rate limiting would be sufficient in

Re: Defending against the Apache killer

2011-08-23 Thread Willy Tarreau
On Mon, Aug 22, 2011 at 07:57:10PM +0200, Baptiste wrote: Hi, Why not only dropping this Range:bytes=0- header? Agreed. Protecting against this vulnerability is not a matter of limiting connections or whatever. The attack makes mod_deflate exhaust the process' memory. What is needed is to

Re: Defending against the Apache killer

2011-08-22 Thread Baptiste
Hi, Why not only dropping this Range:bytes=0- header? cheers 2011/8/22 Levente Peres sheri...@eurosystems.hu: Hello, There're a number of webserver-mace apps on the net, the newest that I heard of being the so called Apache killer script I saw a few days ago on Full disclosure... Here

Re: Defending against the Apache killer

2011-08-22 Thread Kai
Hi,
1. install nginx as frontend
2. install latest version of Apache as backend (afair 2.2.18 was not vulnerable to such DoS already, and 2.2.19 should be ok too)
3. remove apache's mod_deflate
4. done
-- Cheers, Kai

RE: Defending against the Apache killer

2011-08-22 Thread Svancara, Randall
This is nothing new as brute force DOS attacks have been around for a while. I am not sure this is an HA-Proxy feature or more of a MOD_SECURITY/iptables feature. Simple iptables rate limiting would be sufficient in thwarting this attack. For example, I am using this for SSH now, but very