20 Lines or Less #81

What could you do with your code in 20 Lines or Less?

That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

Shellshock - HTTP Edition

https://devcentral.f5.com/s/articles/shellshock-mitigation-with-big-ip-irules

Joe Pruitt whipped this up as a mitigation for the shellshock bash vulnerability via HTTP. 17 lines of security defenses, at your service!

 

when HTTP_REQUEST {
  set pattern "*() \{*";  
  if { [string match $pattern [HTTP::uri]] } {
    log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in URI '[HTTP::uri]'";
    reject;
  } else {
    foreach header_name [HTTP::header names] {
      foreach header_value [HTTP::header values $header_name] {
        if { [string match $pattern $header_value] } {
          log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in HTTP Header $header_name = '$header_value'; URI = '[HTTP::uri]'";
          reject;
          break;
        }
      }
    }
  }
}

 

Shellshock - SIP Edition

https://devcentral.f5.com/s/articles/shellshock-the-sip-proxy-edition

Not to be outdone, Nir Zigler contributes his own mitigation for shellshock, though for SIP traffic instead of HTTP. This solution clocks in at 13 lines of code.

 

when CLIENT_DATA {
    set sCVEPattern "*: () \{*"
    set bCVEFound 0
    if { [string match $sCVEPattern [UDP::payload]] } {
set bCVEFound 1
    }
}
when SIP_REQUEST {
    if { $bCVEFound } {
        log local0. "Detected CVE-2014-6271 Shellshock attack! IP: '[IP::client_addr]' From: [SIP::from] To: [SIP::to]"
        reject
    }
}

 

Insert custom HTTP header determined by VS protocol

https://devcentral.f5.com/s/questions/insert-custom-http-header-determined-by-vs-protocol

And in non-shellshock news, this iRule comes courtesy of superhero Kevin Stewart, who provides an easy solution to informing the backend servers whether the request came via http or https.

 

when CLIENT_ACCEPTED {
   switch [TCP::local_port] {
"443" {
set proto "https"
}
"80" {
set proto "http"
}
}
}
when HTTP_REQUEST {
HTTP::header insert VS_HTTP_PROTO $PROTO
}

 

And that's a wrap! Super powered functionality featured in less than 60 lines of code.

Published Oct 06, 2014
Version 1.0

Was this article helpful?

No CommentsBe the first to comment