This is said to be a bug fix that reduces problems during DoS attacks, so applying the patch seems like a good idea.
https://www.redhat.com/security/data/cve/CVE-2011-3348.html
https://bugzilla.redhat.com/show_bug.cgi?id=736690
The mod_proxy_ajp module can run into problems when it receives malformed HTTP requests.
A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.
Apache HTTP Server 2.2.21 Released | 2011-09-13
To resolve the 3192 issue at its root, a new directive called MaxRanges has been introduced starting with this version.
The maximum value is 200.
(http://httpd.apache.org/docs/2.2/mod/core.html#maxranges)
MaxRanges Directive
| Description: | Number of ranges allowed before returning the complete resource |
|---|---|
| Syntax: | MaxRanges default \| unlimited \| none \| number-of-ranges |
| Default: | MaxRanges 200 |
| Context: | server config, virtual host, directory |
| Status: | Core |
| Module: | core |
| Compatibility: | Available in Apache HTTP Server 2.2.21 and later |
The MaxRanges directive limits the number of HTTP ranges the server is willing to return to the client. If more ranges than permitted are requested, the complete resource is returned instead.
- default: Limits the number of ranges to a compile-time default of 200.
- none: Range headers are ignored.
- unlimited: The server does not limit the number of ranges it is willing to satisfy.
- number-of-ranges: A positive number representing the maximum number of ranges the server is willing to satisfy.
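
The decision described by the directive text above, modeled in Python as an added example (it is not Apache httpd source code and not part of the original post). The function names are hypothetical and the sample Range headers are constructed.

```python
# Added illustration: models the documented MaxRanges semantics only.
# Not Apache httpd code; all function names here are hypothetical.

COMPILE_TIME_DEFAULT = 200  # value of "default" per the directive's Default row


def parse_max_ranges(arg):
    """Map a MaxRanges argument to a limit: None = unlimited, 0 = ignore Range."""
    arg = arg.strip().lower()
    if arg == "default":
        return COMPILE_TIME_DEFAULT
    if arg == "unlimited":
        return None
    if arg == "none":
        return 0
    limit = int(arg)  # raises ValueError on non-numeric input
    if limit <= 0:
        raise ValueError("number-of-ranges must be a positive number")
    return limit


def count_ranges(range_header):
    """Count comma-separated range specs in a 'bytes=...' header value."""
    unit, sep, specs = range_header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return 0  # not a byte-range request
    return sum(1 for s in specs.split(",") if s.strip())


def decide(max_ranges_arg, range_header):
    """Return 'partial' (serve the ranges) or 'full' (complete resource)."""
    limit = parse_max_ranges(max_ranges_arg)
    n = count_ranges(range_header)
    if n == 0 or limit == 0:
        return "full"   # no usable Range header, or "MaxRanges none"
    if limit is not None and n > limit:
        return "full"   # more ranges requested than permitted
    return "partial"


def make_header(n):
    """Constructed sample input: n non-overlapping 10-byte ranges."""
    return "bytes=" + ",".join(f"{i * 10}-{i * 10 + 9}" for i in range(n))


if __name__ == "__main__":
    for arg, n in [("default", 200), ("default", 201), ("none", 1),
                   ("unlimited", 5000), ("5", 6)]:
        print(f"MaxRanges {arg:<9} ranges={n:<5} -> {decide(arg, make_header(n))}")
```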