As more information becomes available regarding the recently published Range vulnerability affecting Microsoft platforms (see MS15-034and CVE-2015-1635), you can start mitigating this issue for your backend applications using the following iRule that would remove the Range header when large ranges are detected.

Additonal mitigations have been published:

Please be sure to test this thoroughly in your production environment. 

 

##############################################

# Name: stop_range_CVE-2015-1635

# Description: This iRule will remove the Range header when detecting large ranges in it.

##############################################

when HTTP_REQUEST {

# remove Range requests for CVE-2015-1635 if the request uses large ranges

if { ([HTTP::header exists "Range"]) and ([HTTP::header "Range"] matches_regex {bytes\s*=.*([0-9]){10,}.*})}

{

HTTP::header remove Range

}

}