Apache dDoS “killapache” Sends Malformed GET Requests

There is a bug in certain versions of Apache that is susceptible to a dDoS using malformed GET requests. You can find more information about “killapache” at the following site.

http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/

 

There is no patch, however their is a work around for this bug which is provided below. In Ubuntu or Debian create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code

 


# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

You may need to install the “headers” module, which can be done by typing “a2enmod headers” and then you should be able to reload apache without errors.

 


Did you like this article?


0 Shares:
You May Also Like

QuickPwn release removes the need to do an iTunes restore!

The iphone-dev.org has created a new means of Jail Breaking your iPhone that doesn't require the need to create a modified .ipsw and process a full restore through iTunes. Its called QuickPwn.
News is just out of a new way to jailbreak your iPhone, and this time the tool is specifically designed to work "quickly and easily, without requiring a full restore." Quickpwn has been released as a beta, intended to complement the main PwnageTool.
Read More

Apple releases iPhone 2.0.2 Firmware/Update

It has only been a few weeks and Apple has already released an updated firmwave for the iPhone. Could this mean Apple isn't going to sit on bugfixes, are more updates going to be released in the same short time span. A couple of weeks is really short, however a couple of months to improve some iPhone features, fix bugs or release new functionality is something that should be embraced.
Read More

Exim4 and PHP and PHP-CGI mail() function using incorrect From: and applying Sender: headers.

If you're using Exim4 and PHP as a module or as a CGI with suexec. You may have noticed some issues with your mail. Specifically you would have noticed that either the "From:" header was using "nobody@machinename" or "user@machine name, its also possibly that you had an additional header called "Sender:". There are two things you need to do to fix this. You first need to make sure that your "php.ini" has the following value "sendmail_path = /usr/sbin/sendmail -t -i". Which is the default, double check this variable as it might be set to something else.
Read More