Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Sep 24, 2014

Has anyone written an iRule to filter CVE-2014-6271?

CVE-2014-6271 was made public today, potentially wreaking havoc on apache/bash. Has anyone written an iRule to filter this vulnerability from HTTP GET requests?

application delivery

John_Alam_45640

Historic F5 Account

Sep 24, 2014

Here is one to start with:

when HTTP_REQUEST {
  if {[HTTP::request] contains "() \{" } { 
        log local0. "Detected CVE-2014-6271 attack from [IP::client_addr]"
        TCP::close
        drop
      }

}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5