
Malicious requests can come in the form of a user agent string, referrer or cookie. To prevent being pwned by zero-day attacks such as Shellshock, I have created a whitelist of characters for the user agent string:

a-zA-Z0-9,.:;?/ ~!@()+_-

Is the above useful and effective? Also, does anyone have a list of acceptable characters for referrer, cookie, request URI and query string?

user68811

  • You can look up the production rules for the mentioned HTTP header field values in the corresponding [RFC 7230](http://tools.ietf.org/html/rfc7230) and [RFC 7231](http://tools.ietf.org/html/rfc7231). – Gumbo Feb 21 '15 at 09:49
  • Rather than rolling your own, consider whether a WAF such as [mod_security](https://www.modsecurity.org/) would help you. – gowenfawr Feb 21 '15 at 14:07

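As an added example (not part of the original question, comments or answer), the whitelist from the question placed next to a validator for the RFC 7231 `User-Agent` grammar that Gumbo's comment points to, so the two can be compared on the same input. The sample header values are constructed for the demonstration, and the function and constant names are my own.

```python
import re
# The question's whitelist as a regex character class (the final '-' is literal).
WHITELIST_RE = re.compile(r"[a-zA-Z0-9,.:;?/ ~!@()+_-]*")
# RFC 7230 pieces: product = token ["/" product-version] with token = 1*tchar,
# ctext = HTAB / SP / %x21-27 / %x2A-5B / %x5D-7E / obs-text, quoted-pair = "\" + one char.
PRODUCT_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+(?:/[!#$%&'*+\-.^_`|~0-9A-Za-z]+)?")
CTEXT_RE = re.compile(r"[\t \x21-\x27\x2a-\x5b\x5d-\x7e\x80-\xff]")   # excludes '(' ')' '\'
QPAIR_RE = re.compile(r"\\[\t \x21-\x7e\x80-\xff]")                   # "\" then HTAB/SP/VCHAR/obs-text

def matches_whitelist(value: str) -> bool:
    """True if every character of value is in the question's whitelist."""
    return WHITELIST_RE.fullmatch(value) is not None

def _product_end(s: str, i: int) -> int:
    m = PRODUCT_RE.match(s, i)                # index just after a product, or -1
    return m.end() if m else -1

def _comment_end(s: str, i: int) -> int:      # s[i] is '('; index after matching ')' or -1
    i += 1
    while 0 <= i < len(s):
        if s[i] == ")":
            return i + 1
        if s[i] == "(":
            i = _comment_end(s, i)            # nested comment; a -1 result propagates
        elif QPAIR_RE.match(s, i):
            i += 2
        elif CTEXT_RE.match(s, i):
            i += 1
        else:
            return -1                         # CR, LF, other control byte, lone '\'
    return -1                                 # unterminated comment

def is_rfc7231_user_agent(s: str) -> bool:
    """User-Agent = product *( RWS ( product / comment ) ), RFC 7231 section 5.5.3."""
    i = _product_end(s, 0)
    while 0 <= i < len(s):
        j = i
        while j < len(s) and s[j] in " \t":   # RWS = 1*( SP / HTAB )
            j += 1
        if j == i or j == len(s):             # no separator, or trailing whitespace
            return False
        i = _comment_end(s, j) if s[j] == "(" else _product_end(s, j)
    return i == len(s)

# Constructed sample values for the demonstration (not captured traffic).
SAMPLES = {
    "browser": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0",
    "legal_but_blocked": "Example-Agent/1.0 (build=42; arch={x86_64})",  # RFC-valid, fails whitelist
    "unterminated": "Example-Agent/1.0 (no closing paren",               # passes whitelist, not RFC
    "crlf_injected": "Example-Agent/1.0 \r\nX-Injected: 1",              # rejected by both
}
REPORT = {name: (matches_whitelist(ua), is_rfc7231_user_agent(ua)) for name, ua in SAMPLES.items()}
```
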
1 Answer


This really isn't useful or effective; it only specifically protects against Shellshock (and with the amount of publicity it received, I am fairly confident that a similar attack will not happen again).

I should also point out that your whitelist would not actually protect a system which is affected by Shellshock either.

Damian Nikodem