Stay protected from the bash vulnerability (shellshock)

Version imprimable, PDF et e-mail

This post is designed to help you configure your Barracuda Web Application Firewall to protect your systems from Shellshock.  If you are not familiar with this vulnerability, see this post.

The Barracuda Web Application Firewall has generic signatures that mitigate the Shellshock vulnerability. These signatures are in the OS Command Injection Strict rule set. By default, this is not applied to header values, however. Barracuda has created a new attack definition update that will update the OS Command Injection rule set to have specific signatures to protect against this attack.

If you have not updated the bash shell across your web servers, or have reason to believe that you are affected, we strongly recommend updating to the latest attack definitions. Note that attack definitions are automatically updated by default, unless you have explicitly turned this OFF.

We have released Attack Definitions (attackdef) version 1.78 which contains enhancement to our OS Command Injection pattern group to catch the attack vectors in the exploits for CVE-2014-6271 and CVE-2014-7169.

You can view your attackdef verion on the ADVANCED > Energize Updates page.

Then, create header Allow Deny rules that use the new patterns. To do this, navigate to the WEBSITES > Allow Deny page. For each service:

  1. Add a new header Allow Deny rule. Set the header name to “*” to match all headers. Set the status to ON and mode to Active.
  2. Edit the header Allow Deny rule created above, and enable OS Command Injection, as in the following screenshot:

Click here for larger image.
Customers should contact support if you need help with creating these policies.

Once created, the BASIC > Web Firewall Logs page will list shellshock exploits as OS Command Injection attacks:

Click here for larger image.
Register here if you would like to learn more about the Shellshock vulnerability and how the Barracuda Web Application Firewall can be used to stop this attack.

For a risk-free 30-day evaluation of the Barracuda Web Application Firewall, click here.

Remonter en haut de page