Remove CVE-2011-3192 workaround

author Silvio Rhatto <rhatto@riseup.net>

Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)
diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb

index e387ea8738beef50767cc95b27268097c409dc19..ee28bdc47ce3c9288daad2593b2f2ba5061b67f4 100644 (file)
--- a/templates/apache2.conf.erb
+++ b/templates/apache2.conf.erb
@@ -89,13 +89,6 @@ MaxKeepAliveRequests 100
  #
  KeepAliveTimeout 15
  
-# Drop the Range header when more than 5 ranges.
-# CVE-2011-3192
-# See http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser
-# TODO: remove this when a fix is released
-SetEnvIf Range (,.*?){5,} bad-range=1
-RequestHeader unset Range env=bad-range
-
  ##
  ## Server-Pool Size Regulation (MPM specific)
  ##
author	Silvio Rhatto <rhatto@riseup.net>
	Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Thu, 1 Sep 2011 13:13:10 +0000 (10:13 -0300)