F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Path Traversal Detection

Problem this snippet solves:

This iRule tries to detect all Path Traversal attempts against web sites in query string parameters. The regexp is probably not perfect, so please correct if necessary!

Code :

when HTTP_REQUEST {
   if { [HTTP::query] matches_regex {^.*=(\.\.|/)[[A-Za-z0-9./]*]*.*$} } {
      #log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]"
      reject
   }
}
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
security