Yesterday, NIST released information on a new network-exploitable vulnerability in the GNU Bash shell as demonstrated by vectors involving parts of OpenSSH sshd, the mod_cgi and mod_cgid modules in ...
Quick question. I know this iRule script will reject and log. However, is there a way to set it to only log and not reject? If I simply remove reject; from the script will it monitor instead of using the reject action?
when HTTP_REQUEST {
    # Glob pattern for the "() {" sequence anywhere in the string
    set pattern "*() \{*";
    if { [string match $pattern [HTTP::uri]] } {
        log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in URI '[HTTP::uri]'";
        reject;
    }
}
Is the reject; syntax an action command or is it simply a message that the hacker receives? This part is what is throwing me off.
"I chose to issue a reject on the connection. If you want to be more polite to the hackers, you can substitute the "reject" with a 403 - Forbidden."
Thanks!
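The following is an added example, not part of the original post or the article's iRule. It shows a log-only (monitor) variant with a switch: `reject` is an iRule command that drops the connection, so skipping it leaves only the log entry. The `static::shellshock_block` variable and the extra scan of request header values are assumptions of this sketch that go beyond the URI-only check in the rule above.

```tcl
when RULE_INIT {
    # Assumed switch for this example: 0 = log only (monitor), 1 = log and reject.
    set static::shellshock_block 0
}

when HTTP_REQUEST {
    # Same glob pattern as the rule above: the "() {" sequence anywhere in the string.
    set pattern "*() \{*"
    set hit ""

    if { [string match $pattern [HTTP::uri]] } {
        set hit "URI '[HTTP::uri]'"
    } else {
        # Extension beyond the original rule: also inspect every header value.
        foreach name [HTTP::header names] {
            foreach value [HTTP::header values $name] {
                if { [string match $pattern $value] } {
                    set hit "header '$name'"
                    break
                }
            }
            if { $hit ne "" } { break }
        }
    }

    if { $hit ne "" } {
        # The log entry is written in both modes.
        log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in $hit"
        if { $static::shellshock_block } {
            # Enforcement mode only: drop the connection.
            reject
        }
    }
}
```

Running with the switch at 0 first lets you review the log for false positives before setting it to 1.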