Apache dDoS “killapache” Sends Malformed GET Requests

There is a bug in certain versions of Apache that is susceptible to a dDoS using malformed GET requests. You can find more information about “killapache” at the following site.

http://www.pentestit.com/2011/08/25/killapache-ddos-tool-freezes-apache-web-server/

 

There is no patch, however their is a work around for this bug which is provided below. In Ubuntu or Debian create a new file “/etc/apache2/conf.d/killapache-fix” and place the following code

 


# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
CustomLog logs/range-CVE-2011-3192.log common env=bad-range

You may need to install the “headers” module, which can be done by typing “a2enmod headers” and then you should be able to reload apache without errors.

 

0 Shares:
You May Also Like

MySQL and OpenSSL Replication what a mess!

Just a heads up, if you do decide to enable OpenSSL so you can do encrypted MySQL replication. There are two bugs that will affect replication and the mysqldump command. They're as follows: Bug #24148 regression tests hang with SSL enabled http://bugs.mysql.com/bug.php?id=24148 http://lists.mysql.com/commits/17286 Bug #27669 mysqldump: Got error: 2026: SSL connection error when trying to connect http://bugs.mysql.com/bug.php?id=27669 http://lists.mysql.com/commits/24329 This may cause lots of problems with MySQL and SSL Replication using OpenSSL. Cheers!