shellshock - detect in Apache?
Fulko Hew
fulko.hew at gmail.com
Fri Sep 26 14:32:15 UTC 2014
On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller <mattdm at fedoraproject.org>
wrote:
> On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote:
> > Is there any way to detect an attack within Apache and block it?
> > I'm thinking of a rule or something to check the user-agent or equiv
> before
> > calling the CGI or PHP etc.
> > I'm looking to protect some old servers where BASH updates won't be
> > forthcoming
>
>
> You should be able to do this with mod_rewrite -- at least if you can be
> sure that none of the CGI variables should ever legitimately start with
> "(".
> Use the RewriteCond and test for every one of those variables that come
> from
> the user.
> http://httpd.apache.org/docs/current/mod/mod_rewrite.html
>
> There may be a better way, but that's what comes to mind.
>
Is there a simple test (similar to the 'basic bash' test'; posted
everywhere)
that can be executed to determine whether an apache/cgi 'environment'
can be attacked? or do each of my CGI (perl) apps need checking...
It seems to me to be an apache/cgi environment issue, and not
a CGI app issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140926/1020119c/attachment.html>
More information about the users
mailing list