Shellshock protection using nginx ?
mex
nginx-forum at nginx.us
Fri Sep 26 09:16:02 UTC 2014
hi pekka,
since the attack, esp. against CGI, is possible through (custom)
headers/cookies etc
you'd need some waf-functionalities (afaik)
naxsi, an nginx-based waf, has a signature for this since wednesday
MainRule "str:() {" "msg:Possible Remote code execution through Bash
CVE-2014-6271" "mz:BODY|HEADERS" "s:$ATTACK:8" id:42000393 ;
http://blog.dorvakt.org/2014/09/ruleset-update-possible-remote-code.html
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253553,253555#msg-253555
More information about the nginx
mailing list