on 15-Apr-2015 16:18
As more information becomes available regarding the recently published Range header vulnerability in HTTP.sys affecting Microsoft platforms (see MS15-034 and CVE-2015-1635), you can start mitigating this issue for your backend applications using the following iRule, which removes the Range header when large ranges are detected.
Additional mitigations have been published:
Please be sure to test this thoroughly in your environment before relying on it in production.
##############################################
# Name: stop_range_CVE-2015-1635
# Description: This iRule will remove the Range header when detecting large ranges in it.
##############################################
when HTTP_REQUEST {
    # Remove the Range header for CVE-2015-1635 if the request uses large ranges.
    # A run of ten or more consecutive digits after "bytes=" is treated as a large
    # range. Caveat: legitimate ranges on objects larger than about 1 GB also have
    # ten-digit offsets and will be stripped, so the server answers with the full object.
    # The opening brace of the body must stay on the same line as the condition;
    # on its own line Tcl fails to load the rule with a "wrong # args" error.
    if { [HTTP::header exists "Range"] and ([HTTP::header "Range"] matches_regex {bytes\s*=.*[0-9]{10,}}) } {
        HTTP::header remove Range
    }
}
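As an added example, not part of the original post or of F5's code, the following Python reproduces the iRule's "ten or more consecutive digits" heuristic and runs it over a few constructed Range header values next to a parsed alternative. The parsed check, its 32-bit offset limit, and the sample headers are assumptions made here for illustration; the regex is the same one the iRule uses, and the one header value containing 2^64-1 is the range end commonly used to probe for MS15-034, included to show that both checks catch it.

```python
"""Added example (not from the original post): compare the iRule's digit-count
heuristic for CVE-2015-1635 with a parsed check, on constructed Range headers."""
from __future__ import annotations

import re

# Same pattern as the iRule's matches_regex test: "bytes=" followed somewhere
# by a run of ten or more consecutive digits.
LARGE_RANGE_RE = re.compile(r"bytes\s*=.*[0-9]{10,}")

# Assumption (not from the post): any range boundary that does not fit in 32 bits
# is treated as suspicious. This is a tighter replacement for the digit-count
# heuristic, not the exact condition HTTP.sys itself mishandles.
MAX_SANE_OFFSET = 2**32 - 1


def irule_would_strip(range_value: str) -> bool:
    """Mirror the iRule: strip the header when 10+ consecutive digits appear."""
    return LARGE_RANGE_RE.search(range_value) is not None


def parse_byte_ranges(range_value: str) -> list[tuple[int | None, int | None]]:
    """Parse 'bytes=a-b, c-, -d' into (start, end) pairs; None marks an open end.
    Raises ValueError for anything that is not a syntactically valid byte-range set."""
    m = re.fullmatch(r"\s*bytes\s*=\s*(.+?)\s*", range_value)
    if not m:
        raise ValueError("not a byte-range set")
    ranges = []
    for spec in m.group(1).split(","):
        spec = spec.strip()
        sm = re.fullmatch(r"(\d*)-(\d*)", spec)
        if not sm or spec == "-":
            raise ValueError(f"bad range spec {spec!r}")
        start = int(sm.group(1)) if sm.group(1) else None
        end = int(sm.group(2)) if sm.group(2) else None
        ranges.append((start, end))
    return ranges


def parsed_check_would_strip(range_value: str, limit: int = MAX_SANE_OFFSET) -> bool:
    """Strip only when a boundary exceeds `limit`, or when the header cannot be parsed."""
    try:
        ranges = parse_byte_ranges(range_value)
    except ValueError:
        return True  # defensive: an unparseable Range header is stripped as well
    return any(v is not None and v > limit for pair in ranges for v in pair)


# Constructed sample Range headers, not captured traffic.
SAMPLES = {
    "probe_value": "bytes=0-18446744073709551615",    # end = 2^64-1, the usual MS15-034 probe
    "small_resume": "bytes=500-999",
    "one_gib_file": "bytes=0-1073741823",             # legitimate range on a 1 GiB object
    "multi_range": "bytes=0-99,1000000000-1000000099", # ten-digit start, still a sane offset
    "open_ended": "bytes=1000-",
    "suffix": "bytes=-500",
}


def classify_all() -> dict[str, tuple[bool, bool]]:
    """Return {name: (stripped_by_irule_regex, stripped_by_parsed_check)} for every sample."""
    return {name: (irule_would_strip(v), parsed_check_would_strip(v)) for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (by_regex, by_parse) in classify_all().items():
        print(f"{name:13s} regex-strips={by_regex!s:5} parsed-strips={by_parse}")
```

Running it shows the trade-off a practitioner should weigh before deploying the iRule: the regex strips the probe value but also the 1 GiB and multi-range samples, so clients resuming downloads of large objects get full responses instead of partial content, while the parsed variant only strips the probe value and anything it cannot parse.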