is litespeed hardened against "range" dos attack?

[aww]

Please see:
http://mail-archives.apache.org/mod...20110824161640.122D387DD@minotaur.apache.org>

open in text viewer: http://seclists.org/fulldisclosure/2011/Aug/att-175/killapache_pl.bin

Basically a dos attack by requesting a large number of ranges.

This rewrite rule limits to 5 ranges, but is it even needed with litespeed?

RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]

 

[mistwang]

LSWS is not vulnerable to this attack, rewrite rule is not necessary.
Apache's "Range" implementation is very poor to me.