Path Traversal Detection

Problem this snippet solves:

This iRule tries to detect all Path Traversal attempts against web sites in query string parameters. The regexp is probably not perfect, so please correct if necessary!

Code :

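when HTTP_REQUEST {
   # Reject when any "=" in the raw query string is directly followed by ".." or "/".
   # HTTP::query is matched as received, so percent-encoded forms are not decoded first.
   if { [HTTP::query] matches_regex {^.*=(\.\.|/)[A-Za-z0-9./]*.*$} } {
      # Uncomment to log the client address and requested URI before rejecting.
      #log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]"
      reject
   }
}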
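
The following is an added example, not part of the original snippet: an offline Python model for checking what the pattern above matches before deploying it. It compares the iRule's effective check with a stricter per-parameter check that decodes values first. The function names are hypothetical, Python's re module stands in for the iRule regex engine, and the sample queries are constructed.

```python
import re
from urllib.parse import unquote

# Effective form of the iRule pattern: everything after (\.\.|/) is optional,
# so it fires whenever "=" is directly followed by ".." or "/".
IRULE_EFFECTIVE = re.compile(r"=(\.\.|/)")

def irule_matches(query: str) -> bool:
    """Model of the iRule check on the raw (undecoded) query string."""
    return IRULE_EFFECTIVE.search(query) is not None

def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dotdot_segment(query: str) -> bool:
    """Stricter check: a parameter value holds a '..' path segment after decoding."""
    for pair in query.split("&"):
        _, _, value = pair.partition("=")
        value = decode_fully(value).replace("\\", "/")
        if ".." in value.split("/"):
            return True
    return False

# Constructed sample queries (not taken from real traffic).
SAMPLES = [
    "page=about",
    "next=/dashboard",
    "file=../../etc/passwd",
    "file=%2e%2e%2fetc%2fpasswd",
    "file=images/../../etc/passwd",
    "file=%252e%252e%252fetc",
]

def compare(samples=SAMPLES):
    """Return (query, iRule verdict, stricter verdict) for each sample."""
    return [(q, irule_matches(q), has_dotdot_segment(q)) for q in samples]

if __name__ == "__main__":
    for query, irule, strict in compare():
        print(f"{query:32} irule={irule!s:5} strict={strict}")
```

The rows where the two verdicts differ show where the pattern rejects a legitimate value that merely starts with "/" and where it passes values the stricter check flags.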
Published Mar 18, 2015
Version 1.0
