LiteSpeed Technologies

  #1  
08-25-2011, 01:14 AM
aww
Senior Member

Join Date: May 2007
Posts: 237
is litespeed hardened against "range" dos attack?

Please see:
http://mail-archives.apache.org/mod_....apache.org%3E

open in text viewer: http://seclists.org/fulldisclosure/2...lapache_pl.bin

Basically a DoS attack by requesting a large number of ranges.

This rewrite rule limits to 5 ranges, but is it even needed with LiteSpeed?

Code:
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
Reply With Quote
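Added example, not part of the original thread and not LiteSpeed or Apache code: a Python model of the rewrite condition posted above, run over constructed Range header values to show which requests the rule would answer with 403. The function names and sample values are assumptions made for this illustration.

```python
import re

# Pattern copied from the RewriteCond in the post; Apache negates it with "!".
ALLOWED = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")

def rule_forbids(range_header):
    """Return True when the posted RewriteCond/RewriteRule pair would answer 403.

    A missing Range header is modelled as None; %{HTTP:range} then expands
    to the empty string, which the "^$" alternative accepts.
    """
    value = range_header or ""
    return ALLOWED.search(value) is None

def range_count(range_header):
    """Number of comma-separated parts after 'bytes=' (0 if not a bytes range)."""
    if not range_header or not range_header.startswith("bytes="):
        return 0
    return len(range_header[len("bytes="):].split(","))

# Constructed sample header values (not taken from real traffic).
SAMPLES = [
    None,                                   # request without a Range header
    "bytes=0-499",                          # ordinary single range
    "bytes=0-1,2-3,4-5,6-7,8-9",            # exactly 5 ranges: still allowed
    "bytes=0-1,2-3,4-5,6-7,8-9,10-11",      # 6 ranges: over the limit
    "bytes=" + ",".join(f"{i}-{i+1}" for i in range(0, 200, 2)),  # 100 ranges
    "bytes=0-1,,2-3",                       # empty element between commas
    "Bytes=0-499",                          # pattern is case-sensitive (no [NC])
    "bytes=0-1, 2-3",                       # whitespace after the comma
]

def evaluate(samples=SAMPLES):
    """Return (header, range count, forbidden?) for each sample."""
    return [(s, range_count(s), rule_forbids(s)) for s in samples]

if __name__ == "__main__":
    for value, count, forbidden in evaluate():
        shown = "<no Range header>" if value is None else value[:40]
        print(f"{'403' if forbidden else 'ok ':3}  ranges={count:<3}  {shown}")
```

Besides capping the number of ranges at 5, the pattern also rejects any non-empty Range value that does not start with lowercase `bytes=`, which is worth knowing before deploying it in front of clients that send other forms.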
  #2  
08-25-2011, 10:00 AM
mistwang
LiteSpeed Staff

Join Date: May 2003
Location: New Jersey
Posts: 7,590
LSWS is not vulnerable to this attack; the rewrite rule is not necessary.
Apache's "Range" implementation is very poor to me.
Reply With Quote

All times are GMT -7.