[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled

Upen, thank you for the info about the Apache's memory guideline script. I'll try it too. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/839569 Title: Apache2 is still Range header

[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled

Stefen, Yes, you're absolutely right! We can only check in that way if a server supports byte Range headers. killapache.pl causes that even my upgraded server is DoS'ed, but it's rather related to my Apache's config. Probably I need to decrease a value of MaxClients and MaxKeepAliveRequests,

[Bug 839569] Re: Apache2 is still Range header DoS vulnerable if gzip compression is enabled

Hi Steve, Yes, I can confirm that my Apache returns 200 OK for that request: root@server:~# nc localhost 80 HEAD / HTTP/1.1 Host: localhost Range:bytes=1-15,10-35,8-9,14-22,0-5,23- Accept-Encoding: gzip Connection: close HTTP/1.1 200 OK Date: Wed, 07 Sep 2011 08:51:43 GMT Server: Apache

[Bug 568946] [NEW] clamav-base.postinst doesn't check user of clamd when it sets LocalSocketGroup

Public bug reported: Binary package hint: clamav-base I've upgraded ClamAV running on Ubuntu Jaunty from version 0.95.3+dfsg-1ubuntu0.09.04.1 to version 0.96+dfsg-1ubuntu2 which I backported using source package for coming Ubuntu Lucid. Unfortunately ClamAV failed during restart as you can see

Re: [Bug 568946] [NEW] clamav-base.postinst doesn't check user of clamd when it sets LocalSocketGroup

Paweł Tęcza pisze: Public bug reported: The reason of the socket problem is that clamav-base.postinst script doesn't check user of clamd process and set automatically new option SocketLocalGroup clamav in /etc/clamav/clamd.conf file. My ClamAV ran successfully again when I set

Re: [Bug 551655] Re: open-whois.org is cybersquatted and its rules should be removed from Spamassassin

On Mon, 19 Apr 2010 20:47:29 - Derek Simkowiak ubu...@cool-st.com wrote: Step 2.3: Patch: I don't have one, sorry. The patch is just to remove all the open-whois.org from /usr/share/spamassassin/72_active.cf ; the patch used above should suffice. Hi Derek, Thanks a lot for your

[Bug 551655] [NEW] open-whois.org is cybersquatted and its rules should be removed from Spamassassin

Public bug reported: Binary package hint: spamassassin Recently I've noticed that a lof of non-spam messages I receive pass Spamassassin DNS_FROM_OPENWHOIS test. I googled a bit and found following related Debian BTS report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537477 It seems

Re: [Bug 551655] Re: open-whois.org is cybersquatted and its rules should be removed from Spamassassin

On Tue, 30 Mar 2010 15:35:41 - Mathias Gug math...@ubuntu.com wrote: Thank you for taking the time to report this bug and helping to make Ubuntu better. However, I am closing it because the bug has been fixed in the latest development version of Ubuntu - Lucid Lynx. Thanks for you reply,