ACL against CVE-2021-44228?


Does anyone have a fine tested acl to setup against CVE-2021-44228?

Taking the info from this good explanation, a match against any header or body content looking for the pattern “jndi” seems to block the request.


There is now a blogpost December/2021 - CVE-2021-44228: Log4Shell Remote Code Execution Mitigation - HAProxy Technologies

1 Like

Hello Haproxy Friends,

Is there also a solution for haproxy 1.5?