Shellshock mitigation with BIG-IP iRules

Yesterday, NIST released information on a new network exploitable vulnerability in the GNU Bash shell as demonstrated by vectors involving parts of OpenSSH sshd, the mod_cgi, and mod_cgid modules in ...
Updated Jun 06, 2023
Version 2.0
application delivery
devops
iRules
security
shellshock
Gary_Zhu's avatar
Gary_Zhu
Icon for Nimbostratus rankNimbostratus
Sep 26, 2014
Great discussion. On the concern of any custom header that might match, Joe's idea of emptying out that header or rewriting that header value would be good enough. Thank Joe for checking out patterns of user agent strings. So far, we have blocked several requests from Netherland.