Created December 10, 2025 16:28
HAProxy config - react2shell configuration
```haproxy
frontend www
    ...
    # ensure buffer request is enabled
    option http-buffer-request
    # acls to detect react CVE
    # an "or" inside an acl line is read as a pattern, not an operator, so each
    # alternative is declared as its own acl; acls sharing a name are ORed
    acl is_form_content req.hdr(Content-Type) -m sub multipart/form-data
    acl is_form_content req.hdr(Content-Type) -m sub application/x-www-form-urlencoded
    acl header_has_cve_2025_55182 req.hdr(next-action) -m found
    acl header_has_cve_2025_55182 req.hdr(rsc-action-id) -m found
    acl body_has_cve_2025_55182 req.body -m sub -i constructor prototype __proto__ _response:
    # take action if cve is detected
    http-request deny status 403 if is_form_content header_has_cve_2025_55182 body_has_cve_2025_55182
```
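To see which requests the deny rule catches before deploying it, the following added example (not part of the gist and not HAProxy code) models the three ACLs in Python and runs them over constructed requests. The function names and sample requests are assumptions, and the matching only approximates HAProxy's `-m sub`, `-m found` and `-i` semantics.

```python
# Offline model of the gist's deny rule. All names and samples are constructed.
FORM_TYPES = ("multipart/form-data", "application/x-www-form-urlencoded")
ACTION_HEADERS = ("next-action", "rsc-action-id")
BODY_TOKENS = ("constructor", "prototype", "__proto__", "_response:")


def is_form_content(headers):
    # req.hdr(Content-Type) -m sub ... : case-sensitive substring match
    ctype = headers.get("content-type", "")
    return any(t in ctype for t in FORM_TYPES)


def header_has_action(headers):
    # -m found : the header only has to be present, its value is not compared
    return any(h in headers for h in ACTION_HEADERS)


def body_has_token(body):
    # req.body -m sub -i ... : case-insensitive substring match on any token
    text = body.decode("latin-1").lower()
    return any(t in text for t in BODY_TOKENS)


def would_deny(headers, body):
    # "if A B C" in an http-request rule is an implicit AND of the three ACLs
    h = {k.lower(): v for k, v in headers.items()}  # header names ignore case
    return is_form_content(h) and header_has_action(h) and body_has_token(body)


FORM = "application/x-www-form-urlencoded"
SAMPLES = {  # constructed requests: (headers, body)
    "action header, flagged token": (
        {"Content-Type": "multipart/form-data; boundary=x", "Next-Action": "a1"},
        b"field=__PROTO__"),
    "action header, clean body": (
        {"Content-Type": FORM, "Next-Action": "a1"}, b"name=alice"),
    "token but no action header": (
        {"Content-Type": FORM}, b"comment=constructor"),
    "action header, benign word": (
        {"Content-Type": FORM, "rsc-action-id": "a1"}, b"job=prototype+designer"),
}


def evaluate_samples():
    return {name: would_deny(h, b) for name, (h, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, denied in evaluate_samples().items():
        print(f"{'403' if denied else 'pass'}  {name}")
```

The last sample shows the rule's false-positive surface: a legitimate server-action form whose body merely contains one of the listed words is also denied.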