From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 1 Sep 2011 13:13:10 +0000 (-0300)
Subject: Remove CVE-2011-3192 workaround
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=c4858ebfa999ba902deac5f2d7b5c26ffe97f8b2;p=puppet-apache.git

Remove CVE-2011-3192 workaround
---

diff --git a/templates/apache2.conf.erb b/templates/apache2.conf.erb
index e387ea8..ee28bdc 100644
--- a/templates/apache2.conf.erb
+++ b/templates/apache2.conf.erb
@@ -89,13 +89,6 @@ MaxKeepAliveRequests 100
 #
 KeepAliveTimeout 15
 
-# Drop the Range header when more than 5 ranges.
-# CVE-2011-3192
-# See http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/browser
-# TODO: remove this when a fix is released
-SetEnvIf Range (,.*?){5,} bad-range=1
-RequestHeader unset Range env=bad-range
-
 ##
 ## Server-Pool Size Regulation (MPM specific)
 ##