Back-end servers may be vulnerable to the attack.
The safest way to protect these servers with the BIG-IP is to add a simple iRule to each HTTP virtual server:
when HTTP_REQUEST {
# remove Range requests for CVE-2011-3192
HTTP::header remove Range
}
This iRule works for more than 5 ranges:
when HTTP_REQUEST {
# remove Range requests for CVE-2011-3192 if more than 5 ranges are requested
if { [HTTP::header "Range"] matches_regex {bytes=(([0-9\- ])+,){5,}} } {
HTTP::header remove Range
}
}
Recent Comments