If you don’t understand the title of this post, it’s probably not of relevance to you!
In August 2011, a vulnerability was discovered in Apache which would allow a DoS attack to succeed. Full details here (Summary: It’s bad. Really bad.)
We’re concerned about the security of our systems here, but a hotfix patch to Apache is something that has to be scheduled in; we can’t just push a fix out and pray that it’ll work. We needed something simple, quick, easy and secure. Here it is, for all of you out there that run Apache2.
1. Find your httpd.conf file.
This file often lives in /etc/apache2.
If you can’t find the file /etc/apache2/httpd.conf. then run the following command from the root folder to locate it;
find . -name httpd.conf
There should only be one copy of this file on your server, regardless of how many websites run on that server.
2. Edit the httpd.conf file
Add the following code to the httpd.conf file. You can put it at the bottom (note that it’s very common for httpd.conf to only have one or two lines in to; this file sets the default values for all websites on your server, and most configuration is done elsewhere)
RewriteCond %{HTTP:range} ^bytes=[^,]+(,[^,]+){0,4}$ RewriteRule .* . [F]
3. Save the file, and restart apache
The command for restarting apache is
service apache2 restart
4. Drink coffee
That’s it. Job done, apache patched.. you can relax for a short while.
Whilst this fix is secure, we do encourage people to update apache at their earliest convenience. We’re not recommending this as a permanent fix.