Below is all the information we needed to arrive at the problem description, exploit and solutions above. If you want to know how it works in detail, this information may interest you as well.
On network protection devices such as WAF, implement rule filtering for strings such as
according to the actual traffic situation of deployed services. After applying the filter rules, test business operations to avoid additional impact.
Detection of the exploit through Snort (IDS/IPS) rules:
The rules below can be loaded into any IDS that supports Snort rules (for example, Snort and Suricata). They were developed and tested against the network traffic generated by the POC exploit published by LunaSec. These rules may not detect all the exploits that are (going to be) used “in the wild.” Therefore, use them as one part of a layered security approach and do not rely blindly on them. Note: These rules only work for HTTP traffic and thus cannot look into TLS (HTTPS) traffic (unless specific measures are taken for that purpose).