LoadModule headers_module modules/mod_headers.so<IfModule mod_headers.c># Dr

1. LoadModule headers_module modules/mod_headers.so
2. <IfModule mod_headers.c>
3. # Drop the Range header when more than 5 ranges.
4. # CVE-2011-3192
5. SetEnvIf Range (?:,.*?){5,5} bad-range=1
6. RequestHeader unset Range env=bad-range
7. # We always drop Request-Range; as this is a legacy
8. # dating back to MSIE3 and Netscape 2 and 3.
9. RequestHeader unset Request-Range
10. # optional logging.
11. CustomLog logs/range-CVE-2011-3192.log common env=bad-range
12. CustomLog logs/range-CVE-2011-3192.log common env=bad-req-range
13. </IfModule>