Hi,

To mitigate the shellshock attack we added two lines in our frontends.

--
frontend fe_80
--
        reqideny  ^[^:]+:\s*\(\s*\)
        reqideny  ^[^:]+:\s+.*?(<<[^<]+){5,}
--

and checked this via

--
 curl --referer "x() { :; }; ping 127.0.0.1" http://my-haproxy-url/
 curl --referer "true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF <<EOF <<EOF <<EOF" http://my-haproxy-url/
--

Any hints or further suggestions?

cheers
thomas
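
A regression check for the two rules in the post above, as an added example that is not part of the original message: it runs both patterns over constructed header lines to see which ones each rule would deny. Python's `re` is an assumed stand-in for HAProxy's regex engine, the function names and sample lines are hypothetical, and the wrapped second curl value is treated as one line with 14 `<<EOF` tokens.

```python
import re

# The two reqideny patterns from the post. reqideny matches case-insensitively
# against each line of the request; Python's re is an assumed stand-in for the
# regex engine HAProxy was built with.
RULES = {
    "funcdef": re.compile(r"^[^:]+:\s*\(\s*\)", re.IGNORECASE),
    "heredoc": re.compile(r"^[^:]+:\s+.*?(<<[^<]+){5,}", re.IGNORECASE),
}


def denied_by(line):
    """Return the names of the rules that match one request or header line."""
    return [name for name, rx in RULES.items() if rx.search(line)]


def audit(lines):
    """Map each line to the list of rules that would deny it."""
    return {line: denied_by(line) for line in lines}


# Constructed sample lines (not captured traffic).
BENIGN = [
    "GET / HTTP/1.1",
    "Referer: http://example.com/index.html",
    "Referer: true <<EOF <<EOF <<EOF <<EOF",      # only 4 here-docs
]
FROM_POST = [
    "Referer: x() { :; }; ping 127.0.0.1",        # first curl, as written
    "Referer: true " + " ".join(["<<EOF"] * 14),  # second curl, unwrapped
]
FUNCDEF_AT_START = [
    "Referer: () { :; }; ping 127.0.0.1",         # value starts with "()"
    "User-Agent:(  ) { :; }; ping 127.0.0.1",     # whitespace variations
]

if __name__ == "__main__":
    for line, hits in audit(BENIGN + FROM_POST + FUNCDEF_AT_START).items():
        verdict = "DENY by " + ",".join(hits) if hits else "pass"
        print(f"{verdict:<16} {line[:60]}")
```

Under this engine the first curl value from the post begins with `x`, so neither rule matches that line; a header value that begins with `()` is what the first rule denies.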


