Forum Discussion

mikegray_198028

Cirrus

Dec 08, 2016

uri hiding/encrypting

admin/App/frameset.jsp?name=Sessions url=..%2FApp%2FSessions%2FsessionsFrameSet.faces%3FappKind%3DCMC%26bttoken%3DMDAwRENRbzJQNmRKYUpXW2c7Z29XOlBNVEFYTF5d Here you can see ".." present in the u...

MVP

Dec 08, 2016

Hi Mike,

if disabling of directory traversal attack signatures is not an option for you, then you may try to remove the directory traversal before passing the request to ASM and simply restore it right after.

when HTTP_REQUEST { 
    if { [HTTP::uri] contains ".." } then {
        set dir_traversal [HTTP::uri]
        HTTP::uri [string map { ".." "traversal" } [HTTP::uri]]
    }
}
when HTTP_REQUEST_SEND {
    if { [info exists dir_traversal] } then {
        clientside {
            HTTP::uri $dir_traversal
        } 
    }
}

Cheers, Kai

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

uri hiding/encrypting

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Related Content

URI Redirect

20 Lines or Less #75: URIs, URIs and more URIs

URI Masking

Fully Decode URI

HTTP URI Replace/Redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS