Forum Discussion

Nimbostratus

Feb 06, 2013

Scan Vulnerabilities & irules

Hello All, 1) Is there a general consensus that specific types of application vulnerabilities identified through a scan can be patched/mitigated temporarily with the use of irules ...

config

design

What_Lies_Bene1

Cirrostratus

Feb 07, 2013

There's quite a few, I've listed a few simple examples below. Is there something specific you have in mind?


Restrict HTTP Methods
when HTTP_REQUEST {
 switch [HTTP::method] {
  Exit if method is GET
  "GET" { return }
  Exit if method is POST
  "POST" { return }
  Reject any other request methods
  default { reject }
  }
}

Mitigate Code Red & Nimda
when HTTP_REQUEST {
 set requri [string tolower [HTTP::uri]]
 switch –glob $requri {
  "*default.ida*" – 
  "*cmd.exe*" – 
  "*root.exe*" – 
  "*admin.dll*" {
  Drop the request silently
   drop }
 }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)