Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there some pattern or rule you can put into Varnish/CDN/nginx to prevent this??


Here is what Aegir/BOA uses:

https://www.drupal.org/project/provision/issues/2960825

https://cgit.drupalcode.org/provision/commit/?id=638b03d


You really need a Layer 7 kind of thing to be able to inspect the actual payload of the request. I don't think any of those can do that. You'd need an actual WAF.


Cloudflare was able to protect against Drupalgeddon 2

https://blog.cloudflare.com/keeping-drupal-sites-safe-with-c...


That's a WAF layer though. I don't know of a way to do this with Varnish or a straight CDN.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: