F5 Friday: Zero-Day Apache Exploit? Zero-Problem
#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here’s a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Kille...
Published Aug 26, 2011
Version 1.0
Lori_MacVittie
Employee
Employee
JRahm
Admin
AdminThe Range-Request header is vulnerable as well. Also, would probably want to use an alternative to matches_regex for efficiency. If ranges are can be counted by the number of commas, a simple length check on the header contents split by the commands should suffice:
when HTTP_REQUEST {
if { [llength [split [HTTP::header "Range"] ","]] > 5 } {
HTTP::header remove Range
}
}