Hello @vs-dsva
Thanks a lot for using Traefik and raising that important topic.
The easiest way is creating a router that uses HostRegexp to match the incoming request, e.g.
```yaml
- "traefik.http.routers.log4jbomb-patch.rule=Host(`log4j.127.0.0.1.nip.io`) && HeadersRegexp(`User-Agent`, `.*jndi:.*`)"
- "traefik.http.routers.log4jbomb-patch.service=noop@internal"
```
That solution will mitigate only a basic use case, and more advanced solutions are in the process of being developed.
Please note this is not the ideal solution, because implementing the regular expression will not protect if the request is trickier, e.g.
```
'User-Agent: ${${lower:j}ndi:ldap://127.0.0.1/a}'
```
However, as I mentioned, we are working on having a plugin that can be assigned with Middleware to protect the vulnerable backend.
Will keep you posted once the plugin is ready!
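
The gap described in the post above, as an added example that is not part of the original post and is not the Traefik plugin's code: the `.*jndi:.*` rule misses the nested-lookup header, while a check that first collapses nested `${...}` lookups catches it. The names `collapse` and `suspicious` are hypothetical, the plain sample header is constructed, and the collapsing rule is a simplifying assumption rather than a complete filter.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// naive mirrors the HeadersRegexp rule from the post: a literal "jndi:" anywhere.
var naive = regexp.MustCompile(`.*jndi:.*`)

// innermost matches a ${...} lookup that contains no further nested lookup.
var innermost = regexp.MustCompile(`\$\{([^${}]*)\}`)

// collapse rewrites nested lookups such as ${lower:j} to their trailing value ("j"),
// repeating until nothing changes. A lookup that already starts with "jndi:" is kept
// as-is so the marker stays visible to the final check.
func collapse(s string) string {
	for round := 0; round < 10; round++ { // bounded: the header is untrusted input
		next := innermost.ReplaceAllStringFunc(s, func(m string) string {
			body := m[2 : len(m)-1]
			if strings.HasPrefix(strings.ToLower(body), "jndi:") {
				return m
			}
			if c := strings.LastIndex(body, ":"); c >= 0 {
				return body[c+1:]
			}
			return m
		})
		if next == s {
			break
		}
		s = next
	}
	return s
}

// suspicious reports whether the header holds a JNDI lookup after collapsing.
func suspicious(header string) bool {
	return strings.Contains(strings.ToLower(collapse(header)), "${jndi:")
}

func main() {
	nested := "${${lower:j}ndi:ldap://127.0.0.1/a}" // header value from the post
	fmt.Println(naive.MatchString(nested), suspicious(nested))
}
```
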