Verizon Digital Media Services has created a Web Application Firewall (WAF) instance designed to identify and block attacks targeting the recently discovered ShellShock vulnerability. These WAF rules are implemented by Verizon EdgeCast’s Network Operations Center (NOC) and require no configuration on the customer side.
Customers do not need to be an existing WAF user; any Verizon ADN and Transact customer can enable this protection free of charge for 30 days by contacting our NOC:
Toll-Free (USA only): 877-EDGE-CDN
The WAF rule is designed to check for a ShellShock attack across multiple vectors in an HTTP request and to stop any attacks at the edge.
This instance identifies and blocks attacks targeting the ShellShock vulnerability (CVE-2014-6271 and CVE-2014-7169) residing on servers running GNU Bash (Bourne again shell) and transported via HTTP/HTTPS traffic. The WAF instance will inspect the entire HTTP/HTTPS request (request line, header, and body) to detect attack traffic. If an attack is detected, the WAF will block the request and return an HTTP 403 (forbidden) response.
Customers who enable this free protection service will not have access to the full WAF rulesets or portal functionality.
Please contact your account representative to learn more about Verizon Digital Media Services’ comprehensive web-based security solutions.