Apache Warns Web Server Admins of DoS Attack Tool

See also: http://www.webhostingtalk.com/showthread.php?t=1076668

I ran the tool posted on Slashdot first:

Code:
/bin/echo -en "HEAD / HTTP/1.1\r\nHost:localhost\r\nRange:bytes=0-,$(perl -e 'for ($i=1;$i<1300;$i++) { print "5-$i,"; }')5-1300\r\nAccept-Encoding:gzip\r\nConnection:close\r\n\r\n" | nc localhost 80

It gave me this:
Content-Length: 174877

After putting
Code:
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

in httpd.conf:

Content-Length: 61

So I guess that works.
 
I just put it on the very bottom of the httpd.conf. And yes it works on all vhosts (I tried localhost and 2 domains).
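
The SetEnvIf rule quoted above, applied to constructed Range header values. This is an added example, not code from the thread; the function names and sample headers are assumptions. It goes beyond the rule by also counting overlapping ranges, which shows that the rule keys only on the number of commas (five or more), not on overlap.

```python
import re

# Same pattern as the SetEnvIf line in the thread. SetEnvIf matches anywhere
# in the header value, which re.search reproduces.
RULE = re.compile(r"(,.*?){5,}")
SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_specs(value):
    """Return (first, last) per usable byte-range-spec; last=None is open-ended."""
    unit, _, body = value.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    specs = []
    for part in body.split(","):
        m = SPEC.match(part.strip())
        if not m or m.group(1) == "":
            continue  # malformed, or suffix form ("-500") whose position depends on file size
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else None
        if last is not None and last < first:
            continue  # invalid spec such as "5-1"
        specs.append((first, last))
    return specs

def analyze_range(value):
    """Summarise one Range header value for log triage."""
    overlaps = 0
    reach = -1  # highest byte position covered so far
    for first, last in sorted(parse_specs(value), key=lambda s: s[0]):
        if first <= reach:
            overlaps += 1
        reach = max(reach, float("inf") if last is None else last)
    return {
        "commas": value.count(","),
        "overlapping": overlaps,
        "unset_by_rule": RULE.search(value) is not None,
    }

# Constructed sample header values, not taken from real traffic.
SAMPLES = [
    "bytes=0-499",
    "bytes=0-1,2-3,4-5,6-7,8-9",        # five disjoint ranges: header is kept
    "bytes=0-1,2-3,4-5,6-7,8-9,10-11",  # six disjoint ranges: header is unset
    "bytes=0-,5-5,5-6,5-7,5-8,5-9",     # overlapping ranges: header is unset
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, analyze_range(sample))
```

A request whose Range header is unset is answered as if no range had been asked for, so a client that legitimately requests six or more ranges receives the full resource instead.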
 
Nginx used as a front-end to Apache gives us:

Code:
HTTP/1.1 400 Bad Request
Server: nginx/1.0.5
Date: Mon, 29 Aug 2011 07:03:43 GMT
Content-Type: text/html
Content-Length: 248
Connection: close


Note, it gives HTTP/1.1 400 Bad Request

Nothing changed in Apache configs related to the subject.

And a direct connection to Apache gives us:

Code:
HTTP/1.1 206 Partial Content
Date: Mon, 29 Aug 2011 07:03:18 GMT
Server: Apache/2.2.19
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 950902
Connection: close
Content-Type: multipart/byteranges; boundary=4ab9f7d65778b3480
 