shellshock - detect in Apache?

Gary Stainburn gary.stainburn at ringways.co.uk
Fri Sep 26 14:40:30 UTC 2014


On Friday 26 September 2014 15:32:15 Fulko Hew wrote:
> On Fri, Sep 26, 2014 at 8:28 AM, Matthew Miller <mattdm at fedoraproject.org> wrote:
> > On Fri, Sep 26, 2014 at 01:19:29PM +0100, Gary Stainburn wrote:
> > > Is there any way to detect an attack within Apache and block it?
> > > I'm thinking of a rule or something to check the user-agent or equiv before
> > > calling the CGI or PHP etc.
> > > I'm looking to protect some old servers where BASH updates won't be
> > > forthcoming
> >
> > You should be able to do this with mod_rewrite -- at least if you can be
> > sure that none of the CGI variables should ever legitimately start with
> > "(".
> > Use the RewriteCond and test for every one of those variables that come from
> > the user.
> > http://httpd.apache.org/docs/current/mod/mod_rewrite.html
> >
> > There may be a better way, but that's what comes to mind.
>
> Is there a simple test (similar to the 'basic bash' test posted everywhere)
> that can be executed to determine whether an apache/cgi 'environment'
> can be attacked?  or do each of my CGI (perl) apps need checking...
>
> It seems to me to be an apache/cgi environment issue, and not
> a CGI app issue.

I've found the following page:

http://www.zdnet.com/shellshock-how-to-protect-your-unix-linux-and-mac-servers-7000034072/

which includes some rewrite rules. As I've never done rewrite rules before, 
where would I put them?


-- 
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk 
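
The suggestion quoted above is to test every CGI variable that comes from the user for a leading "(". The following is an added example, not code from the thread or from Apache: it derives those variables from a request the way a CGI handler receives them and applies that test. The function names, header names and sample requests are constructed for illustration.

```python
# Added example: derive the client-controlled CGI variables for a request and
# flag values that start with "(" (the criterion suggested in the thread).

# Headers that CGI (RFC 3875) exposes without the HTTP_ prefix.
UNPREFIXED = {"content-type": "CONTENT_TYPE", "content-length": "CONTENT_LENGTH"}

# Constructed sample headers; the host and header names are illustrative.
BENIGN = [("Host", "www.example.com"),
          ("User-Agent", "Mozilla/5.0 (X11; Linux x86_64)")]
CRAFTED = BENIGN + [("X-Custom", "() { :; }; <constructed placeholder>")]


def cgi_environment(method, target, headers):
    """Return the CGI variables whose values are taken from the request."""
    _, _, query = target.partition("?")
    env = {"REQUEST_METHOD": method, "REQUEST_URI": target, "QUERY_STRING": query}
    for name, value in headers:
        key = UNPREFIXED.get(name.lower())
        if key is None:
            key = "HTTP_" + name.upper().replace("-", "_")
        # A repeated header is merged into one comma-separated value.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env


def starts_with_paren(env, only=None):
    """Names of variables (optionally limited to `only`) starting with "("."""
    names = env if only is None else [n for n in only if n in env]
    return sorted(n for n in names if env[n].startswith("("))


if __name__ == "__main__":
    for label, headers in (("benign", BENIGN), ("crafted", CRAFTED)):
        env = cgi_environment("GET", "/cgi-bin/status.pl?page=1", headers)
        print(label, "all variables:", starts_with_paren(env))
        print(label, "User-Agent only:", starts_with_paren(env, ["HTTP_USER_AGENT"]))
```

The sample User-Agent contains "(" without starting with it and is not flagged, while the crafted header reaches the CGI as HTTP_X_CUSTOM and is missed by a check limited to the User-Agent.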

