Apache Killer Terminated: Zero Day Exploit, Zero Day Fix
On August 25, 2011, a zero-day exploit called "Apache Killer" was discovered. It used malformed Apache byte-range headers to crash web servers, and it affected the latest versions of Apache as well as versions back to v1.3. Within 96 hours, Apache announced they would release a patch. CloudFlare initially did not protect against this attack but quickly implemented a fix by limiting the relay of malformed or large numbers of byte-range headers to the origin server. By August 25th at 18:00 GMT, the fix was pushed live across the entire CloudFlare network, protecting all CloudFlare-powered sites. Users are still advised to upgrade Apache to the latest version when the patch is released.
Company
Cloudflare
Date published
Aug. 25, 2011
Author(s)
Matthew Prince
Word count
364
Language
English
Hacker News points
None found.