Last Updated on August 26, 2011 EDT by Jordan
There is a bug in certain versions of Apache that leaves the server susceptible to a DDoS using malformed GET requests. You can find more information about “killapache” at the following site.
http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/
There is no patch; however, there is a workaround for this bug, which is provided below. In Ubuntu or Debian, create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code in it:
    # Drop the Range header when more than 5 ranges.
    # CVE-2011-3192
    SetEnvIf Range (,.*?){5,} bad-range=1
    RequestHeader unset Range env=bad-range

    # optional logging.
    CustomLog logs/range-CVE-2011-3192.log common env=bad-range
You may need to enable the “headers” module, which can be done by typing “a2enmod headers”; you should then be able to reload Apache without errors.
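
To see which requests the SetEnvIf rule above flags, the following added example (not part of the original post) runs the same regular expression over constructed Range values in Python. The function names and sample values are assumptions for illustration, and Python's re engine stands in for the regex engine Apache uses.

```python
import re

# Same pattern as the SetEnvIf line in the workaround; it is applied as an
# unanchored search against the value of the Range request header.
BAD_RANGE = re.compile(r"(,.*?){5,}")


def is_bad_range(value):
    """True when the workaround would set bad-range=1 for this Range value."""
    return BAD_RANGE.search(value) is not None


def apply_workaround(headers):
    """Model SetEnvIf + RequestHeader unset; returns (headers, logged)."""
    # HTTP header names are case-insensitive, so look the name up that way.
    name = next((k for k in headers if k.lower() == "range"), None)
    if name is None or not is_bad_range(headers[name]):
        return dict(headers), False
    kept = {k: v for k, v in headers.items() if k != name}
    return kept, True  # True: the request also lands in the optional CustomLog


# Constructed sample header values, not captured traffic.
SAMPLES = {
    "single range": "bytes=0-499",
    "five ranges": "bytes=0-1,2-3,4-5,6-7,8-9",
    "six ranges": "bytes=0-1,2-3,4-5,6-7,8-9,10-11",
    "twenty ranges": "bytes=" + ",".join(f"{i * 10}-{i * 10 + 9}" for i in range(20)),
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        request = {"Host": "example.test", "Range": value}
        headers, logged = apply_workaround(request)
        state = "Range dropped" if logged else "Range kept"
        print(f"{label:14} {state}")
```

The pattern needs five commas to match, so a request with up to five ranges keeps its Range header, while six or more ranges cause the header to be removed before Apache processes the request.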