Please note – Apache have released a fix to this issue, and as such the below guidance has now been superseded by their fix.

I have been aware of the Apache web server issue for the last few days, where an overly wide range is requested from the server, leading to a crash in the server. As a patch hasn’t yet been released by Apache, people are coding their own solutions, and one such solution was found at edwiget.name.

That fix was for CentOS based Linux distributions, so this re-write covers how to do the same fix under Debian based distributions.

Check to make sure that the headers module has been installed:

locate mod_headers

Then, add the config above to the headers module:

echo "# As found at http://www.edwiget.name/2011/08/quick-fix-for-apache-cve-2011-3192/
<IfModule mod_headers.c>
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (?:,.*?){5,5} bad-range=1
RequestHeader unset Range env=bad-range
# We always drop Request-Range; as this is a legacy
# dating back to MSIE3 and Netscape 2 and 3.
RequestHeader unset Request-Range
# optional logging.
CustomLog /var/log/apache2/range-CVE-2011-3192.log common env=bad-range
CustomLog /var/log/apache2/range-CVE-2011-3192.log common env=bad-req-range
</IfModule>" | sudo tee /etc/apache2/mods-available/headers.conf

And lastly, enable the module:

a2enmod headers

EDIT: 2011-08-26 as per Ed’s comment below. Many thanks!