We're running a Web Agent on Apache. We are facing issues with HTTP
requests having the Range header "bytes=100-200,201-300":
GET /mytestfile.html HTTP/1.1
Host: mymachine.mydomain.com
Range: bytes=100-200,201-300
User-Agent: Mozilla/4.61 [en] (WinNT; I)
we get error 403 Forbidden.
If the request presents the Range header as "bytes=100-200", we receive 101
bytes of the resource, and the request is processed correctly.
Why do we have this?
This issue is outside our Web Agent.
The issue is caused by a security measure that allows only certain characters, like the one described in this note:
https://www.trustwave.com/Resources/SpiderLabs-Blog/(Updated)-Mitigation-of-Apache-Range-Header-DoS-Attack/
You can fix this issue by allowing at most two ranges, such as
bytes=300-400,401-500, and no more. This will eliminate the risk of
DoS and will work.
However, you will have to decide on the solution that suits your needs, as
the issue is not in the Web Agent.
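
The two checks discussed above, side by side, as an added example that is not taken from the original note, the linked article or the Web Agent. The regular expressions and function names are assumptions standing in for whatever filter is actually deployed; the first models a character allowlist that rejects the comma, the second accepts well-formed byte ranges up to a limit of two.

```python
import re

# One byte-range-spec: "first-last", "first-" or the suffix form "-length".
RANGE_SPEC = r"(?:\d+-\d*|-\d+)"

# Assumed stand-in for the character allowlist: a single range only, so the
# ',' that separates multiple ranges is never an accepted character.
SINGLE_RANGE_ONLY = re.compile(r"bytes=" + RANGE_SPEC)

MAX_RANGES = 2  # limit suggested in the note above


def allowlist_permits(range_header: str) -> bool:
    """Strict filter: False means the request is answered with 403."""
    return SINGLE_RANGE_ONLY.fullmatch(range_header.strip()) is not None


def count_limit_permits(range_header: str, max_ranges: int = MAX_RANGES) -> bool:
    """Relaxed filter: well-formed byte ranges, at most max_ranges of them."""
    unit, sep, spec_list = range_header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return False
    specs = [s.strip() for s in spec_list.split(",")]
    if len(specs) > max_ranges:
        return False  # too many ranges: the case the DoS mitigation targets
    return all(re.fullmatch(RANGE_SPEC, s) for s in specs)


# Constructed sample headers; the first three are the values quoted above.
SAMPLES = [
    "bytes=100-200",
    "bytes=100-200,201-300",
    "bytes=300-400,401-500",
    "bytes=0-10,20-30,40-50",   # three ranges: over the limit
    "bytes=100-200,",           # empty element: malformed
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:28} allowlist={allowlist_permits(header)!s:5} "
              f"count_limit={count_limit_permits(header)}")
```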