F5 Friday: Zero-Day Apache Exploit? Zero-Problem
#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here’s a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Kille...
Published Aug 26, 2011
Version 1.0
Lori_MacVittie
Employee
Joined October 17, 2006
JRahm
Aug 29, 2011
Admin
The Range-Request header is vulnerable as well. Also, would probably want to use an alternative to matches_regex for efficiency. If ranges can be counted by the number of commas, a simple length check on the header contents split by the commas should suffice:
when HTTP_REQUEST {
    # Drop the Range header when it lists more than five comma-separated ranges
    if { [llength [split [HTTP::header "Range"] ","]] > 5 } {
        HTTP::header remove Range
    }
}
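
The comma-count check from the comment above, modelled offline so the threshold can be unit-tested before it goes on a device. This is an added example, not code from the post or from F5. It goes beyond the iRule by also covering the second header and summing ranges across repeated header lines. The function names, the sample requests and the `Request-Range` spelling of the legacy header are assumptions.

```python
# Added example: offline model of the comma-count Range filter.
# Function names and sample requests are constructed for illustration.

# Assumption: "Request-Range" is the legacy header name Apache httpd also accepts.
RANGE_HEADERS = {"range", "request-range"}
MAX_RANGES = 5  # same threshold as the iRule in the comment above


def count_ranges(value):
    """Mirror Tcl's [llength [split $value ","]]: an empty value counts as 0."""
    return len(value.split(",")) if value else 0


def strip_excessive_ranges(headers, max_ranges=MAX_RANGES):
    """Take a list of (name, value) pairs; return (kept_headers, removed_names).

    Counts are summed per header name across repeated lines, because a
    list-valued header split over several lines equals one joined line.
    """
    totals = {}
    for name, value in headers:
        key = name.lower()  # header names are case-insensitive
        if key in RANGE_HEADERS:
            totals[key] = totals.get(key, 0) + count_ranges(value)
    over = {key for key, n in totals.items() if n > max_ranges}
    kept = [(n, v) for n, v in headers if n.lower() not in over]
    return kept, sorted(over)


# Constructed sample requests (header lists only).
SAMPLES = {
    "single range": [("Host", "example.test"), ("Range", "bytes=0-499")],
    "five ranges": [("Range", "bytes=0-1,2-3,4-5,6-7,8-9")],
    "six ranges": [("Range", "bytes=0-1,2-3,4-5,6-7,8-9,10-11")],
    "legacy header": [("request-range", "bytes=0-1,2-3,4-5,6-7,8-9,10-11")],
    "split lines": [("Range", "bytes=0-1,2-3,4-5"),
                    ("Range", "bytes=6-7,8-9,10-11")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        kept, removed = strip_excessive_ranges(hdrs)
        print(f"{label:14} removed={removed} kept={kept}")
```

The "split lines" case is the one a single-value header lookup can miss: each line is under the threshold on its own, but together they carry six ranges.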