Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635/MS15-034, a vulnerability in HTTP.sys, affecting Microsoft Internet Information Server (IIS). For applications using Ishlangu Load Balancer ADC, the following uControl Script rule mitigates the vulnerability.

Based on initial reports on this vulnerability, the exploit is caused by using high values in the Range header of HTTP requests. The problem stems from HTTP.sys not safely handling the Range Header in a HTTP request; this mechanism is used to fetch part of a file from a server, which is sometimes handy for resuming downloads. If you set the range way too large, it causes the Windows kernel to crash.

The following uControl Script code can be added as a request rule for HTTP based proxies of Ishlangu Load Balancer ADC. The rule will check for high values of the Range header in a request and remove it if it exceeds a certain threshold.