shellshock - detect in Apache?
Matthew Miller
mattdm at fedoraproject.org
Fri Sep 26 12:28:47 UTC 2014
On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote:
> Is there any way to detect an attack within Apache and block it?
> I'm thinking of a rule or something to check the user-agent or equiv before
> calling the CGI or PHP etc.
> I'm looking to protect some old servers where BASH updates won't be
> forthcoming
You should be able to do this with mod_rewrite — at least if you can be
sure that none of the CGI variables should ever legitimately start with "(".
Use the RewriteCond and test for every one of those variables that come from
the user.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
There may be a better way, but that's what comes to mind.
--
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader
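
One way to write the mod_rewrite check suggested in this message, as an added example that is not part of the original post: it returns 403 when any listed request value begins with "(". The choice of headers and the `^\(` pattern are assumptions to adapt to what your CGI and PHP applications actually receive.

```apache
# Added example (not from the original post): refuse requests in which a
# user-supplied value that ends up in the CGI environment begins with "(".
#
# mod_rewrite settings in the main server config are not inherited by
# virtual hosts by default, so place this block inside each <VirtualHost>
# that serves CGI or PHP content.

RewriteEngine On

# Headers with predefined mod_rewrite variables.
RewriteCond %{HTTP_USER_AGENT} ^\( [OR]
RewriteCond %{HTTP_REFERER}    ^\( [OR]
RewriteCond %{HTTP_COOKIE}     ^\( [OR]
RewriteCond %{HTTP_HOST}       ^\( [OR]
RewriteCond %{HTTP_ACCEPT}     ^\( [OR]

# Other headers are reachable with the %{HTTP:header-name} form.
# This list is an assumption; add every header your applications read.
RewriteCond %{HTTP:Accept-Language} ^\( [OR]
RewriteCond %{HTTP:Accept-Encoding} ^\( [OR]
RewriteCond %{HTTP:Content-Type}    ^\( [OR]

# The query string is exported to CGI programs as QUERY_STRING.
# The last condition in an [OR] chain carries no flag.
RewriteCond %{QUERY_STRING} ^\(

# "-" leaves the URL unchanged; [F] answers 403 Forbidden before the
# CGI or PHP handler is invoked.
RewriteRule ^ - [F]
```

Every request header is passed to CGI programs as an HTTP_* environment variable, so headers not named in a RewriteCond are not covered by this rule set.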