<font face="courier new,monospace"><br></font><div class="gmail_quote">On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller <span dir="ltr"><<a href="mailto:mattdm@fedoraproject.org" target="_blank">mattdm@fedoraproject.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote:<br>
> Is there any way to detect an attack within Apache and block it?<br>
> I'm thinking of a rule or something to check the user-agent or equiv before<br>
> calling the CGI or PHP etc.<br>
> I'm looking to protect some old servers where BASH updates won't be<br>
> forthcoming<br>
<br>
<br>
</span>You should be able to do this with mod_rewrite — at least if you can be<br>
sure that none of the CGI variables should ever legitimately start with "(".<br>
Use the RewriteCond and test for every one of those variables that come from<br>
the user.<br>
<a href="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" target="_blank">http://httpd.apache.org/docs/current/mod/mod_rewrite.html</a><br>
<br>
There may be a better way, but that's what comes to mind.<br></blockquote><div><br>Is there a simple test (similar to the 'basic bash' test'; posted everywhere)<br>that can be executed to determine whether an apache/cgi 'environment'<br>can be attacked? or do each of my CGI (perl) apps need checking... <br><br>It seems to me to be an apache/cgi environment issue, and not<br>a CGI app issue.<br><br></div></div><br>