Last active
May 20, 2025 19:48
Protecting Against SAP NetWeaver Vulnerability (CVE-2025-31324) with HAProxy
# Match both POST and PUT methods that could be used for uploads
acl is_upload method POST PUT
acl is_sap_uploader path -m beg /developmentserver/metadatauploader
# Block the requests
http-request deny deny_status 403 if is_upload is_sap_uploader
Add this configuration to your HAProxy frontend section that handles SAP NetWeaver traffic.
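# Log blocked attempts (optional)
# Place these capture rules before the deny rule: deny ends http-request
# rule evaluation, so captures listed after it never run.
http-request capture req.hdr(host) len 50 if is_upload is_sap_uploader
http-request capture req.hdr(user-agent) len 100 if is_upload is_sap_uploader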
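To review what the deny and capture rules record, the following added example (not part of the original gist) parses HAProxy HTTP log lines and lists POST/PUT requests to the uploader path, marking whether each was denied at the proxy. It assumes the default `option httplog` format; the frontend and backend names (`fe_sap`, `fe_legacy`, `be_sap`) and all sample log lines are constructed.

```python
import re

UPLOADER_PREFIX = "/developmentserver/metadatauploader"  # path from the ACL
UPLOAD_METHODS = {"POST", "PUT"}                          # methods from the ACL

# Assumed layout: HAProxy's default "option httplog" line, optionally with
# the {host|user-agent} request-capture block the capture rules produce.
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<src>\S+):\d+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>\S+) \S+ (?P<status>-?\d+) \S+ \S+ \S+ \S+ \S+ \S+ '
    r'(?:\{(?P<caps>[^}]*)\} )?(?:\{[^}]*\} )?"(?P<method>\S+) (?P<uri>\S+)')

SAMPLE_LOG = [  # constructed lines, not captured traffic
    'May 20 19:40:01 lb1 haproxy[2101]: 203.0.113.7:51514 [20/May/2025:19:40:01.120] '
    'fe_sap fe_sap/<NOSRV> 0/-1/-1/-1/0 403 212 - - PR-- 2/2/0/0/0 0/0 '
    '{sap.example.internal|curl/8.5.0} "POST /developmentserver/metadatauploader HTTP/1.1"',
    'May 20 19:40:05 lb1 haproxy[2101]: 198.51.100.23:40022 [20/May/2025:19:40:05.310] '
    'fe_sap be_sap/sap1 0/0/1/35/36 200 512 - - ---- 2/2/0/0/0 0/0 '
    '{sap.example.internal|Mozilla/5.0 (X11; Linux x86_64)} "GET /irj/portal HTTP/1.1"',
    # A frontend without the deny/capture rules: the request reached a server.
    'May 20 19:41:12 lb1 haproxy[2101]: 192.0.2.44:60100 [20/May/2025:19:41:12.002] '
    'fe_legacy be_sap/sap1 0/0/1/20/21 200 180 - - ---- 1/1/0/0/0 0/0 '
    '"PUT /developmentserver/metadatauploader HTTP/1.1"',
]

def uploader_attempts(lines):
    """Return one record per POST/PUT request aimed at the uploader path."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        path = m["uri"].split("?", 1)[0]
        if m["method"] not in UPLOAD_METHODS or not path.startswith(UPLOADER_PREFIX):
            continue
        host, _, agent = (m["caps"] or "").partition("|")
        hits.append({
            "src": m["src"], "frontend": m["frontend"], "method": m["method"],
            "status": int(m["status"]), "host": host, "user_agent": agent,
            # A proxy-side deny shows as 403 with no server selected.
            "blocked": m["status"] == "403" and m["backend"].endswith("/<NOSRV>"),
        })
    return hits

if __name__ == "__main__":
    for hit in uploader_attempts(SAMPLE_LOG):
        print("BLOCKED " if hit["blocked"] else "REVIEW  ", hit)
```

Records marked `REVIEW` are upload requests that were not denied by the proxy, for example because they arrived on a frontend that lacks the rule.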