Chris_G_01_1415
Sep 27, 2014Nimbostratus
ShellShock iRule
Hey Everyone, I am wondering if it is possible to modify the existing shellshock irule to log both source and destination IPs. I am sure there is but I am no TCL expert so any help would be appreciated.
when HTTP_REQUEST { if { [string match "() {;}" [HTTP::request]] } { log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]'; URI = '[HTTP::uri]'"; reject; } }