When will you add rules to protect against Shellshock ?

Web Application Firewall is not a tool to avoid Shellshock issue. It’s better to update your bash system package to secure version.

Shellshock fix for various distribution:
Red Hat - Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) in Red Hat Enterprise Linux - Red Hat Customer Portal
Fedora: Flaw CVE-2014-6271 discovered in the Bash shell - update your Fedora systems - Fedora Magazine
CentOS-5: [CentOS-announce] CESA-2014:1293 Critical CentOS 5 bash Security Update
CentOS-6: [CentOS-announce] CESA-2014:1293 Critical CentOS 6 bash Security Update
CentOS-7: [CentOS-announce] CESA-2014:1293 Critical CentOS 7 bash Security Update
Ubuntu: USN-2362-1: Bash vulnerability | Ubuntu security notices | Ubuntu
Debian: [SECURITY] [DSA 3032-1] bash security update

There are already some mod_security rules posted by Red Hat: Mitigating the shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) - Red Hat Customer Portal

The top priority should be to apply both Bash patches. Then you can also implement the mod_security rules under Comodo WAF » User Data » Custom rules as an extra precaution.

Actually I think these rules should be implemented into the Comodo rule-set, as I’m sure that some servers will remain unpatched. There are enough people who neglect this stuff.

Hi Stefan

Thank you for your finding! I’ve contacted our rule writers team about this.

bash is still not fully patched, i believe adding mod_sec rules can help webservers block an angle of attack, which is always helpful.

Another thing worth mentioning is that LiteSpeed Web Server already has an update since 9-25-2014 that covers Shellshock. Details: LiteSpeed Web Server Now Protected Against Shellshock ⋆ LiteSpeed Blog

Not quite sure if it also protects against the last 4 vulnerabilities…

No problem, Oleg. Glad that I could help.

It would be ideal to push an update of the Shellshock rules before it gets more actively exploited. It still isn’t fully patched as of today.