Forum Discussion
Ido_Breger_3805
Aug 31, 2011Historic F5 Account
Latest Apache range headers DOS vulnerability signature suggestion
Hi ,
You probably heard about this latest Apace DOS vulnerability.
http://www.kb.cert.org/vuls/id/405811
Here is a suggestion to add 2 signatures that will block such attack (based on the assumption that no more than 5 range values)
1. headercontent:"Range"; nocase; pcre:"/(?:Request-)?Range:[\t ]*?bytes[\t ]*?=(?:[\t\d-]+?,){5}/Hi";
2. headercontent:"Range"; nocase; pcre:"/(?:Request-)?Range:[^\r\n]{256}/Hi";
- BT_90520NimbostratusThis is another good F5 article on several options to prevent this attack using BIG-IP solutions
- BT_90520NimbostratusThere is also a recent enhancement of Killer Apache @ http://www.pentestit.com/killapache-redone-ddos/
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects