# From http://thread.gmane.org/gmane.comp.apache.announce/58
# Drop the Range header when more than 5 ranges.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range

# optional logging.
#CustomLog logs/range-CVE-2011-3192.log common env=bad-range