[Owasp-modsecurity-core-rule-set] Mitigation of Apache Range Header DoS Attack
Ryan Barnett
RBarnett at trustwave.com
Wed Aug 24 10:54:46 EDT 2011
FYI - http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html
If you are concerned about this attack, I suggest that you download the latest modsecurity_crs_20_protocol_violations.conf file from SVN as it has the new rules -
http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/base_rules/modsecurity_crs_20_protocol_violations.conf
--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
More information about the Owasp-modsecurity-core-rule-set
mailing list