Forum Discussion

Nimbostratus

Aug 25, 2011

Apache Killer

hello all, I need help for following rule We need an irule to avoid an exploit on Apache Apache syntax RewriteEngine On RewriteCond %{REQUEST_METHOD}...

Cirrus

Aug 29, 2011

zero, the 5 from the CVE seemed too restrictive, given the legitimate uses of the Range header. It ends up we could withstand quite a few simultaneous attacks at 40, so it seemed like a good balance between blocking bad traffic and allowing good traffic.

The CVE also says:

   The number 5 is arbitrary. Several 10's should not be an issue and may be
   required for sites which for example serve PDFs to very high end eReaders
   or use things such complex http based video streaming.

Between testing and the CVE, we're comfortable with 40. ymmv.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Apache Killer

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Distributed Apache Killer

Apache Airflow Unsafe API Endpoint

F5 SIRT on the Apache Commons Configuration CVE-2022-33980?

Apache Log4j2 (CVE-2021-44228) mitigation iApp

Apache CVE-2022-31813 and the hop-by-hop header mechanism

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS