Forum Discussion

Nimbostratus

Aug 25, 2011

Apache Killer

hello all, I need help for following rule We need an irule to avoid an exploit on Apache Apache syntax RewriteEngine On RewriteCond %{REQUEST_METHOD}...

Cirrus

Aug 26, 2011

After another announcement from the apache folks and little help from smp offline, we have this:

when HTTP_REQUEST {
  HTTP::header remove Request-Range
  if { [HTTP::header exists "Range"] and ([HTTP::header "Range"] matches_regex {(,.*?){40,}}) } {
    log local0. " Range attack CVE-2011-3192 detected from [IP::client_addr].  [llength [split [HTTP::header "Range"], ","]] ranges requested."
    drop
    return
  }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Apache Killer

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Distributed Apache Killer

Apache Airflow Unsafe API Endpoint

F5 SIRT on the Apache Commons Configuration CVE-2022-33980?

Apache Log4j2 (CVE-2021-44228) mitigation iApp

Apache CVE-2022-31813 and the hop-by-hop header mechanism

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS