Using iRules to mitigate Microsoft's MS15-034 / CVE-2015-1635 Range vulnerability
As more information becomes available regarding the recently published Range vulnerability affecting Microsoft platforms (see MS15-034 and CVE-2015-1635), you can start mitigating this issue for your ...
I worked with Didier (we're in the same vertical) and the iRule at meow://pastebin.com/3MAEE2Fq will handle those evasions. The RegEx/PCRE supplied in the original iRule on this article will also match; however, the nomenclature isn't quite accurate. While the iRule will match MS15-034 due to the length of the 0xFFF... value, in itself it is not precise and will fire on any byte range that is ten digits or more. It's quite aggressive and prone to false positives. The one supplied at meow://pastebin.com/3MAEE2Fq will only match on MS15-034 and has been production tested at $dayjob with the exploit and the evasions identified by Didier.
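
The difference the comment above describes, between a rule that fires on any byte-range value of ten digits or more and one that matches only the MS15-034 value, shown as an added Python example (it is neither the pastebin iRule nor the article's iRule). The broad pattern is a constructed stand-in for the rule as the comment describes it, `U64_MAX` assumes the "0xFFF..." value is the largest unsigned 64-bit integer, and all sample headers are constructed.

```python
import re

# Assumption: the "0xFFF..." value in the comment is 0xFFFFFFFFFFFFFFFF,
# the largest unsigned 64-bit integer.
U64_MAX = 2**64 - 1

# Constructed stand-in for the broad rule as the comment describes it:
# fire on any byte-range value that is ten digits or more.
BROAD = re.compile(r"\d{10,}")

# One range-spec inside a Range header: "first-last", "first-" or "-suffix".
RANGE_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def broad_match(header):
    """Length-based check: any run of ten or more digits triggers it."""
    return BROAD.search(header) is not None


def precise_match(header):
    """Numeric check: true only if a range bound is at or above U64_MAX."""
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return False
    for spec in specs.split(","):
        m = RANGE_SPEC.match(spec)
        if not m:
            continue  # malformed spec: nothing to compare
        for bound in m.groups():
            if bound and int(bound) >= U64_MAX:
                return True
    return False


# Constructed sample Range header values (not taken from real traffic).
SAMPLES = [
    "bytes=0-18446744073709551615",             # the MS15-034 value
    "bytes=0-1023, 2048-18446744073709551615",  # same value, second range
    "bytes=4294967296-5368709119",              # 1 GiB slice of a large file
    "bytes=0-1023",                             # ordinary small range
]


def compare(samples=SAMPLES):
    """Return (header, broad_hit, precise_hit) for each sample."""
    return [(h, broad_match(h), precise_match(h)) for h in samples]


if __name__ == "__main__":
    for header, broad, precise in compare():
        print(f"{header!r:45} broad={broad!s:5} precise={precise}")
```

The third sample is the false-positive case: a legitimate resume or seek request into a file larger than 4 GiB has ten-digit offsets, so the length-based rule fires while the numeric comparison does not.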