Shellshock mitigation with BIG-IP iRules

Yesterday, NIST released information on a new network exploitable vulnerability in the GNU Bash shell as demonstrated by vectors involving parts of OpenSSH sshd, the mod_cgi, and mod_cgid modules in ...
Updated Jun 06, 2023
Version 2.0
application delivery
devops
iRules
security
shellshock
Joe_Pruitt's avatar
Joe_Pruitt
Sep 29, 2014
@kollenh - After more feedback and recent findings on the vulnerability, I've modified the pattern to look for the exact string of characters "() {" within a header. We believe there are no standard cases where this would match outside of a custom application. I've tested against all known user agents for the major browsers with a zero false-positive match. Could you try it out with the latest, more restrictive, pattern? If you are still getting matches, you might want to attempt the first iRule and log out exactly which header was causing triggering the block.