The second line throws a config error, whether you use reqdeny or reqideny,
complaining that the regex is invalid when running version 1.5.3.
This is the error that comes back from a configuration test:
[ALERT] 272/080419 (29422) : parsing [/etc/haproxy.cfg:295] : 'reqdeny' :
regular expression '^[^:]+:\s+.*?(<<[^<]+){5,}' : regex
'^[^:]+:\s+.*?(<<[^<]+){5,}' is invalid
Which version of haproxy were you able to use that regex with?
--
Jeff Buchbinder
Rave Mobile Safety, Inc
[email protected]
________________________________________
From: Thomas Heil [[email protected]]
Sent: Monday, September 29, 2014 8:36 AM
To: [email protected]
Subject: shellshock and haproxy
Hi,
To mitigate the shellshock attack we added two lines in our frontends.
--
frontend fe_80
--
reqideny ^[^:]+:\s*\(\s*\)
reqideny ^[^:]+:\s+.*?(<<[^<]+){5,}
--
and checked this via
--
curl --referer "x() { :; }; ping 127.0.0.1" http://my-haproxy-url/
curl --referer "true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF <<EOF <<EOF <<EOF" http://my-haproxy-url/
--
Any hints or further suggestions?
cheers
thomas
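An added example, not part of either message above: a small Python harness that runs the two reqideny patterns from Thomas's frontend over constructed request header lines, so a defender can see which lines each rule would deny before loading the rules into a proxy. Two things worth knowing when reading it. First, `\s` and the lazy `.*?` are PCRE syntax; a POSIX ERE engine (which HAProxy falls back to when it is not built against PCRE, an assumption here about Jeff's build, not something the thread confirms) rejects both, which is the kind of "regex is invalid" failure quoted above, so the script also carries a POSIX-only form of each rule and checks that it denies exactly the same lines. Second, the sample set includes a header shaped like the first curl test, `x() { :; }; ...`; because the `x` sits between the colon and the parenthesis, the first rule does not match it, whereas the canonical `() { :; };` shape is matched. All header lines are constructed for this example.

```python
import re

# The two reqideny patterns from the thread, as written (PCRE-style syntax).
PCRE_RULES = {
    "bash_func_def": r"^[^:]+:\s*\(\s*\)",
    "heredoc_flood": r"^[^:]+:\s+.*?(<<[^<]+){5,}",
}

# Equivalent forms using only POSIX ERE syntax: no \s, no lazy *?.
# [ \t] covers the whitespace an HTTP header value may contain, and the
# greedy .* gives the same match/no-match result for a deny rule.
POSIX_RULES = {
    "bash_func_def": r"^[^:]+:[ \t]*\([ \t]*\)",
    "heredoc_flood": r"^[^:]+:[ \t]+.*(<<[^<]+){5,}",
}

# Constructed request header lines, one per line as reqideny sees them.
SAMPLE_HEADERS = [
    "Referer: () { :; }; echo test",              # canonical Shellshock shape
    "Referer: x() { :; }; ping 127.0.0.1",        # shape of the first curl test
    "User-Agent: () { ignored; }; /bin/true",     # same shape in another header
    "Referer: true " + " ".join(["<<EOF"] * 14),  # shape of the second curl test
    "Referer: one <<EOF two <<EOF",               # only two heredocs: under {5,}
    "Host: www.example.com",
    "Accept: text/html, application/xhtml+xml",
]


def blocked_by(rules, header_line):
    """Return the names of the rules whose regex matches the header line.

    reqideny matches case-insensitively, so compile with IGNORECASE.
    """
    return [name for name, pattern in rules.items()
            if re.search(pattern, header_line, re.IGNORECASE)]


def evaluate(rules, headers=SAMPLE_HEADERS):
    """Map each sample header line to the list of rules that would deny it."""
    return {line: blocked_by(rules, line) for line in headers}


def rules_agree(headers=SAMPLE_HEADERS):
    """True when the PCRE and POSIX-only forms deny exactly the same lines."""
    return all(blocked_by(PCRE_RULES, h) == blocked_by(POSIX_RULES, h)
               for h in headers)


if __name__ == "__main__":
    for line, hits in evaluate(PCRE_RULES).items():
        verdict = "DENY  " if hits else "allow "
        print(f"{verdict}{','.join(hits):<14} {line[:60]}")
    print("POSIX forms agree with PCRE forms:", rules_agree())
```

Running the script prints one verdict per sample line; if your build reports the same configuration error as above, the entries in POSIX_RULES are drop-in replacements for the two reqideny lines that deny the same requests without `\s` or `*?`.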