F5 LTM and CVE-2011-319 management interface

The management network be a private trusted network.

Anyway, here you are a workaround

1) Create a file with the following (you may name the file CVE-2011-3192):

httpd include ”
# Drop the Range header when more than 5 ranges
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range”

2) bpsh < CVE-2011-3192

3) bigstart restart httpd

F5 LTM and CVE-2011-319

Back-end servers may be vulnerable to the attack.
The safest way to protect these servers with the BIG-IP is to add a simple iRule to each HTTP virtual server:

when HTTP_REQUEST {
# remove Range requests for CVE-2011-3192
HTTP::header remove Range
}

This iRule works for more than 5 ranges:

when HTTP_REQUEST {
# remove Range requests for CVE-2011-3192 […]