On Mon, Sep 29, 2014 at 2:36 PM, Thomas Heil <[email protected]> wrote:
> Hi,
>
> To mitigate the shellshock attack we added two lines in our frontends.
>
> --
> frontend fe_80
> --
> reqideny ^[^:]+:\s*\(\s*\)
> reqideny ^[^:]+:\s+.*?(<<[^<]+){5,}
> --
>
> and checked this via
>
> --
> curl --referer "x() { :; }; ping 127.0.0.1" http://my-haproxy-url/
> curl --referer "true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
> <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF" http://my-haproxy-url/
> --
>
> Any hints or further suggestions?
>
> cheers
> thomas
>

Hi Thomas,

Thanks for the tips.
I blogged it with some differences:
http://blog.haproxy.com/2014/09/30/mitigating-the-shellshock-vulnerability-with-haproxy/

Baptiste
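
The two deny patterns from the quoted config, run against sample header lines to see which values each one catches. This is an added example, not part of either message: Python's `re` stands in for HAProxy's regex engine, the helper name `denied_by` is hypothetical, and the header lines are constructed from the curl test strings above.

```python
import re

# The two patterns from the quoted frontend config. reqideny is the
# case-insensitive deny directive, so re.IGNORECASE is used. Assumption:
# Python's re behaves like the regex engine HAProxy was built with
# (\s and .*? are Perl-style syntax).
RULES = {
    "func_def": re.compile(r"^[^:]+:\s*\(\s*\)", re.IGNORECASE),
    "heredocs": re.compile(r"^[^:]+:\s+.*?(<<[^<]+){5,}", re.IGNORECASE),
}


def denied_by(header_line):
    """Return the names of the rules that would deny this header line."""
    return [name for name, rx in RULES.items() if rx.search(header_line)]


# Constructed header lines (not captured traffic).
SAMPLES = [
    # Ordinary headers: neither rule should fire.
    "Referer: http://example.com/page?id=1",
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)",
    # Value begins with "()": caught by the first rule.
    "Referer: () { :; }; ping 127.0.0.1",
    # Value begins with "x()": the first rule requires "(" to be the first
    # non-space character after the header name, so this one passes.
    "Referer: x() { :; }; ping 127.0.0.1",
    # Fourteen here-document markers: caught by the second rule.
    "Referer: true " + "<<EOF " * 14,
    # Four markers: below the {5,} threshold, so it passes.
    "Referer: true " + "<<EOF " * 4,
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict = ",".join(denied_by(line)) or "pass"
        print(f"{verdict:10} {line[:60]}")
```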

