Forum Discussion

danielm1's avatar
danielm1
Icon for Cirrus rankCirrus
Dec 11, 2021

CVE-2021-44228 irule mitigation?

Hello there, Is there any iRule mitigation for the CVE-2021-44228? In support askf5 there is a mitigation using ASM but if I don't have it yet. Could I use an iRule?   Regards, Daniel
ASM Advanced WAF
LTM
security
broan's avatar
broan
Icon for Nimbostratus rankNimbostratus
Dec 13, 2021

I tried implementing the iRule linked from the AskF5 solution article, but as written it causes my site(s) to throw an HTTP 400 "Bad Request" error.

 

Anyone else see that behavior? Ideas?

  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Dec 14, 2021

    Hi ,

     

    this should not be the case. Unless the iRule matches the pattern of the attack, it does not alter the request going to the backend servers.

    Can you compare the requests sent to the backend servers with and without the iRule? Using tools like tcpdump, wireshark or just from the log of the backend servers? Can you spot any differences in the HTTP Requests?

     

    KR

    Daniel