Subject: Re: how to prevent directory traversal with modsecurity2

You could use a rule similar to this –


SecRule REQUEST_URI "\.\." "phase:1,log,deny,msg:'Directory Traversal Attack Detected'"


The only issue to be aware of is to make sure you verify exactly which transformation functions may be inherited with this rule. If it applies the normalisePath function, it will not match, as it will remove the .. characters. It is for these types of reasons that you should always turn up the debug log level and review your new rule processing with some tests.


Ryan C. Barnett
ModSecurity Community Manager

Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead

Author: Preventing Web Attacks with Apache



From: [email protected] [mailto:[email protected]] On Behalf Of Yavuz Maslak
Sent: Wednesday, June 27, 2007 5:27 AM
To: [email protected]
Subject: [mod-security-users] how to prevent directory traversal with modsecurity2




I am a novice at modsecurity.

I installed mod_security2 on apache2.0.59...

I couldn't find how to prevent directory traversal with modsecurity2.

I know how to do that with modsecurity1, but I couldn't find how for modsecurity2.

How can I get useful examples about that?



Thanks a lot.
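
The transformation caveat in the reply above, as an added example that is not part of the original thread: a small Python harness that applies an inherited transformation chain before running the rule's \.\. pattern, with and without t:none on the rule. posixpath.normpath is an assumed stand-in for normalisePath, the helper names are hypothetical, and the request URIs are constructed.

```python
import posixpath
import re

PATTERN = r"\.\."  # operator argument from the SecRule in the reply

# Assumption: posixpath.normpath only approximates ModSecurity's normalisePath;
# it is close enough to show ".." segments being collapsed before matching.
TRANSFORMS = {"lowercase": str.lower, "normalisePath": posixpath.normpath}

# Constructed request URIs for testing the rule.
SAMPLES = [
    "/index.html",
    "/static/../../etc/passwd",
    "/cgi-bin/../../../etc/passwd",
]


def effective_transforms(inherited, rule_actions=()):
    """Inherited transformations run first; t:none discards all earlier ones."""
    chain = list(inherited)
    for name in rule_actions:
        if name == "none":
            chain = []
        else:
            chain.append(name)
    return chain


def evaluate(uri, inherited, rule_actions=()):
    """Return (matched, value the operator actually saw)."""
    value = uri
    for name in effective_transforms(inherited, rule_actions):
        value = TRANSFORMS[name](value)
    return re.search(PATTERN, value) is not None, value


def blocked(uris, inherited, rule_actions=()):
    """URIs the rule would deny under the given transformation settings."""
    return [u for u in uris if evaluate(u, inherited, rule_actions)[0]]


if __name__ == "__main__":
    for label, actions in (("inherited normalisePath", ()), ("rule adds t:none", ("none",))):
        print(label)
        for uri in SAMPLES:
            matched, seen = evaluate(uri, ["normalisePath"], actions)
            print(f"  {uri!r} -> operator saw {seen!r}, match={matched}")
```

With normalisePath inherited, none of the sample URIs match; once the rule clears the chain with t:none, both traversal samples do.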
