[CentOS] Apache warns Web server admins of DoS attack tool

Fri Aug 26 12:45:37 UTC 2011
Simon Matter <simon.matter at invoca.ch>

>>> --On Thursday, August 25, 2011 9:09 PM +0100 Always Learning
>>> <centos at u61.u22.net> wrote:
>>>
>>>> The temporary fix is shown on several web sites as this, shown below,
>>>> added to Apache's conf file:-
>>>
>>> I try to minimize changes to main files. Presumably putting that code
>>> in
>>> a
>>> separate file (eg. conf.d/RangeVulnerabilityWorkaround.conf) should
>>> work
>>> equally well?
>>
>> Hi,
>>
>> Attached is what I've put into /etc/httpd/conf.d/CVE-2011-3192.conf and
>> I'll just remove it after the coming update is done.
>> At least killapache.pl doesn't kill anymore.
>>
>> Works for me, YMMW.
>
> Sorry, forgot to mention that this is for EL4.

And while looking into it again I realize that my "solution" is not really
a solution...

Simon