Michael busch
busch
/ gist:7df1a7175e580b4266c8ba1f7606ed7e
Created
December 10, 2021 23:45
Citrix ADC content switching policy expression for log4j RCE CVE-2021-44228
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") || | |
| HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") || | |
| HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") || | |
| HTTP.REQ.FULL_HEADER.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") || | |
| HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") || | |
| HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") || | |
| HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:rmi") || | |
| HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:dns") || | |
| HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldap") || | |
| HTTP.REQ.BODY(50000).SET_TEXT_MODE(IGNORECASE).CONTAINS("jndi:ldaps") || |