For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

doddy's avatar
doddy
Icon for Nimbostratus rankNimbostratus
Jul 27, 2013

Detect HTTP Pipelining Request

Good day all...     I am currently looking for method to detect HTTP pipelining request. This pipelining is currently exploiting our vulnerability in which cannot detect subsequent request on...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 27, 2013
this is when pipelining is enabled (default). 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

 client sends http pipelining

[root@centos17 ~] echo -en "HEAD /frist HTTP/1.1\r\nHost: \r\n\r\nHEAD /second HTTP/1.1\r\nHost: \r\n\r\n" | nc 172.28.19.252 80
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

 packet trace

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.17(47893) <-> 172.28.19.252(80)
1374921475.9033 (0.0011)  C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:

HEAD /second HTTP/1.1
Host:

---------------------------------------------------------------

1    1374921475.9034 (0.0000)  C>S  TCP FIN
New TCP connection 2: 200.200.200.10(47893) <-> 200.200.200.101(80)
1374921475.9064 (0.0010)  C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:

---------------------------------------------------------------

1374921475.9082 (0.0018)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

1374921475.9083 (0.0048)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

1374921475.9083 (0.0000)  C>S
---------------------------------------------------------------
HEAD /second HTTP/1.1
Host:

---------------------------------------------------------------

2    1374921475.9083 (0.0000)  C>S  TCP FIN
1374921475.9094 (0.0010)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

1374921475.9094 (0.0010)  S>C
---------------------------------------------------------------
HTTP/1.1 404 Not Found
Date: Sat, 27 Jul 2013 10:48:26 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1

---------------------------------------------------------------

2    1374921475.9094 (0.0000)  S>C  TCP FIN
1    1374921475.9094 (0.0000)  S>C  TCP FIN