Forum Discussion

mikegray_198028

Cirrus

Dec 08, 2016

uri hiding/encrypting

admin/App/frameset.jsp?name=Sessions url=..%2FApp%2FSessions%2FsessionsFrameSet.faces%3FappKind%3DCMC%26bttoken%3DMDAwRENRbzJQNmRKYUpXW2c7Z29XOlBNVEFYTF5d Here you can see ".." present in the u...

MVP

Dec 08, 2016

Hi Mike,

if disabling of directory traversal attack signatures is not an option for you, then you may try to remove the directory traversal before passing the request to ASM and simply restore it right after.

when HTTP_REQUEST { 
    if { [HTTP::uri] contains ".." } then {
        set dir_traversal [HTTP::uri]
        HTTP::uri [string map { ".." "traversal" } [HTTP::uri]]
    }
}
when HTTP_REQUEST_SEND {
    if { [info exists dir_traversal] } then {
        clientside {
            HTTP::uri $dir_traversal
        } 
    }
}

Cheers, Kai

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

uri hiding/encrypting

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Automate F5OS license activation using ansible

Related Content

URI Redirect

20 Lines or Less #75: URIs, URIs and more URIs

URI Masking

IRULE - redirect URI

Fully Decode URI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS