Weblog

Although there is already a patch available for the HTTP.sys vulnerability, I think it's usefull to know that Hiawatha can block requests that exploit this vulnerability. If you were required to wait for a patch, you could have used Hiawatha as a reverse proxy with the following configuration to block HTTP.sys exploits.

UrlToolkit {
  ToolkitID = block_httpsys
  Header Range [0-9]{6,} Ban 86400
}

VirtualHost {
  Hostname = www.example.com
  UseToolkit = block_httpsys
  ReverseProxy .* http://<webserver IP address>/
}