Apache RewriteRule Mitigation for log4shell
Yes, you should update ASAP to a patched version of Log4J. You should also consider other ways you can be exploited – do you have java processing emails? But layers of security never hurt, so you can also try this: RewriteCond %{THE_REQUEST} \${ [OR] RewriteCond %{REQUEST_URI} \${ [OR] RewriteCond %{QUERY_STRING} \${ [OR] RewriteCond %{HTTP_USER_AGENT} \${ …
Continue reading ‘Apache RewriteRule Mitigation for log4shell’ »