Forum Discussion

Nik_67256's avatar
Nik_67256
Icon for Nimbostratus rankNimbostratus
Feb 06, 2013

Scan Vulnerabilities & irules

  Hello All,     1) Is there a general consensus that specific types of application vulnerabilities identified through a scan can be patched/mitigated temporarily with the use of irules ...
config
design
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Feb 07, 2013
There's quite a few, I've listed a few simple examples below. Is there something specific you have in mind?

 


Restrict HTTP Methods
when HTTP_REQUEST {
 switch [HTTP::method] {
  Exit if method is GET
  "GET" { return }
  Exit if method is POST
  "POST" { return }
  Reject any other request methods
  default { reject }
  }
}

Mitigate Code Red & Nimda
when HTTP_REQUEST {
 set requri [string tolower [HTTP::uri]]
 switch –glob $requri {
  "*default.ida*" – 
  "*cmd.exe*" – 
  "*root.exe*" – 
  "*admin.dll*" {
  Drop the request silently
   drop }
 }
}