Shellshock mitigation with BIG-IP iRules
Yesterday, NIST released information on a new network exploitable vulnerability in the GNU Bash shell as demonstrated by vectors involving parts of OpenSSH sshd, the mod_cgi, and mod_cgid modules in ...
Updated Jun 06, 2023
Version 2.0
@David Hwang - if you want to make the script passive, just comment out the "reject" lines by putting a pound symbol (comment) before the reject (or remove the line completely). The reject will send a connection reset to the client. An alternate approach would be to send a HTTP response 403. That's not as brash has terminating the connection. With a terminated connection, the hacker wouldn't be able to know for sure the cause of it and thus not necessarily know if their attack worked or not. By sending a forbidden message, might lead them to try something else. That's what I was getting at with the comment about reject vs. forbidden.