Forum Discussion
madi_56757
Aug 25, 2011 Nimbostratus
Apache Killer
Hello all,
I need help with the following rule.
We need an iRule to avoid an exploit on Apache.
Apache syntax
RewriteEngine On
RewriteCond %{REQUEST_METHOD}...
madi_56757
Aug 30, 2011 Nimbostratus
Hi,
concerning the newest rule:
when HTTP_REQUEST {
    HTTP::header remove Request-Range
    if { [HTTP::header exists "Range"] and ([HTTP::header "Range"] matches_regex {(,.*?){40,}}) } {
        log local0. " Range attack CVE-2011-3192 detected from [IP::client_addr] to [HTTP::host]. [llength [split [HTTP::header "Range"], ","]] ranges requested."
        drop
        return
    }
}
I got the following error:
Operation not supported (line 1) invoked from within "HTTP::header remove Request-Range"
We are using version 9.4.7.
Interestingly, it is possible to apply the rule, and if we test it with a range of more than 40, it works!
Range attack CVE-2011-3192 detected from XXX. 1302 ranges requested.
Any ideas?
Thanks for any statements.
madi
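Added example, not part of the original post and not F5 code: the rule's check re-expressed in Python so the threshold and the logged count can be tested offline. The function names (`count_ranges`, `count_as_logged`, `screen_request`, `make_range`) are hypothetical and the sample headers are constructed.

```python
import re

# The regex from the posted rule: 40 or more commas, i.e. 41 or more ranges.
RULE_REGEX = re.compile(r"(,.*?){40,}")

def count_ranges(value):
    """Number of comma-separated range specs in e.g. 'bytes=0-1,5-9'."""
    _, sep, specs = value.partition("=")
    return len(specs.split(",")) if sep else 0

def count_as_logged(value):
    """Mirror the rule's log expression, which appends a literal ',' to the
    header value before splitting, so it reports one more than count_ranges."""
    return len((value + ",").split(","))

def screen_request(headers):
    """Apply the rule's logic to a dict of request headers.

    Returns (action, cleaned_headers): Request-Range is always removed, and
    the request is dropped when Range matches the rule's regex."""
    cleaned = {k: v for k, v in headers.items() if k.lower() != "request-range"}
    value = next((v for k, v in cleaned.items() if k.lower() == "range"), None)
    if value is not None and RULE_REGEX.search(value):
        return "drop", cleaned
    return "forward", cleaned

def make_range(n):
    """Constructed sample: a Range value listing n one-byte ranges."""
    return "bytes=" + ",".join(f"{i}-{i}" for i in range(n))

if __name__ == "__main__":
    for n in (1, 40, 41):
        action, _ = screen_request({"Host": "www.example.com", "Range": make_range(n)})
        print(n, "ranges ->", action, "| logged as", count_as_logged(make_range(n)))
```

With these inputs, 40 ranges are forwarded and 41 are dropped, and the count written to the log is one higher than the number of ranges in the header.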