ProHoster > Блог > ozi ịntanetị > Mwepụta nke sava Apache 2.4.58 na mkpochapụ nke adịghị ike DoS na HTTP/2

Mwepụta nke sava Apache 2.4.58 na mkpochapụ nke adịghị ike DoS na HTTP/2

Ebipụtala ntọhapụ nke ihe nkesa HTTP Apache 2.4.58, nke na-ewebata mgbanwe 33 ma wepụ ihe ọghọm atọ, abụọ n'ime ha metụtara ohere nke ibu agha DoS na usoro site na iji HTTP / 2 protocol.

  • CVE-2023-45802 A na-emepụta ọnọdụ ike ọgwụgwụ ebe nchekwa n'ihi nkwụsị ebe nchekwa na-egbu oge ka emechara iyi HTTP/2 site na ngwugwu nwere ọkọlọtọ RST. Ebe ọ bụ na anaghị ewepụta ebe nchekwa ozugbo emechara ọkọlọtọ RST, mana ọ bụ naanị mgbe emechiri njikọ ahụ, onye na-awakpo nwere ike ịbawanye oriri ebe nchekwa nke ukwuu site na izipu arịrịọ ọhụrụ wee jiri ngwugwu RST tufuo ha, mana na-emechighị njikọ ahụ.
  • CVE-2023-43622 - HTTP / 2 na-egbochi nhazi njikọ na-adịgide adịgide ma ọ bụrụ na emepere ya na nha windo mbụ na-amị amị ka 0. Enwere ike iji adịghị ike ahụ bute ọjụjụ nke ọrụ site n'ịfefe oke na ọnụọgụ njikọ mepere emepe kacha anabatara.
  • CVE-2023-31122 bụ adịghị ike na mod_macro na-enye ohere ịgụ data site na mpaghara na-abụghị ihe nchekwa ekenyela.

Mgbanwe na-abụghị nchekwa gụnyere:

  • mod_http2 na-agbakwụnye nkwado maka iji usoro WebSocket n'elu iyi na njikọ HTTP/2 (RFC 8441). Iji mee ka WebSocket karịa HTTP/2, atụpụtala ntụzịaka 'H2WebSockets na | gbanyụọ'.
  • Agbakwunyere ụkpụrụ aha 'H2EarlyHint' na mod_http2 ka ịgbakwunye nkụnye eji isi mee na nzaghachi "103 Early Hints".
  • Agbakwunyere 'H2ProxyRequests | gbanyụọ' na mod_http2 iji jikwaa ma agbanyere nhazi arịrịọ HTTP/2 na nhazi proxy.
  • Agbakwunyela ntuziaka 'H2MaxDataFrameLen n' na mod_http2 iji kpachie oke nzaghachi nzaghachi na bytes na-ebufe n'otu etiti DATA na HTTP/2. Oke ndabara bụ 16KB.
  • Ụdị faịlụ mime.ụdị emelitere iji kechie ndọtị ".js" na ụdị 'ederede/javascript' kama ịbụ 'application/javascript' wee tinye mgbakwunye ndị a: ".mjs" (ya na ụdị 'ederede/javascript') na " .opus" ( 'audio/ogg'). Ụdị MIME agbakwunyere na ndọtị ejiri na WebAssembly.
  • Atụgharịrị asụsụ modul mod_tls (ọzọ na mod_ssl n'asụsụ Rust) ka ọ jiri rustls-ffi 0.9.2+ ọba akwụkwọ.
  • Agbakwunyere ntuziaka 'MDMatchAha niile|aha nkesa' na modul mod_md iji jikwaa ka MDomains si kwekọọ na ọdịnaya VirtualHosts.
  • Agbakwunyela ntuziaka 'MDChallengeDns01Version' na modul mod_md iji họrọ ụdị protocol ACME ejiri maka nkwenye DNS.
  • Na mod_md, a na-ekwe ka ntuziaka MDChallengeDns01 nye onye ọ bụla n'otu n'otu. nke ọma.
  • Agbakwunyere ntuziaka 'DavBasePath' na mod_dav iji hazie ụzọ na mgbọrọgwụ nke ebe nchekwa WebDav.
  • Agbakwunyere ntuziaka 'AliasPreservePath' na mod_alias ka iji uru Alias ​​dị na ngọngọ Location dị ka ụzọ zuru oke.
  • Agbakwunyere ntuziaka 'RedirectRelative' na mod_alias, na-enye ohere ntụgharị site na iji ụzọ ndị ikwu.
  • Agbakwunyela nkọwapụta usoro %{z} na %{strftime-format} na ntuziaka ErrorLogFormat.
  • Agbakwunyere ntuziaka 'DeflateAlterETag' na mod_deflate iji jikwaa ka ETag si agbanwe mgbe ejiri mkpakọ.
  • Ekwalitela arụmọrụ nke ọrụ send_brigade_nonblocking().
  • Mod_status na-achọpụta na ewepụrụ igodo oyiri "BusyWorkers" na "IdleWorkers", yana agbakwunyere counter "GracefulWorkers" ọhụrụ.

isi: opennet.ru

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster