This iRule tries to detect all Path Traversal attempts against web sites in query string parameters. The regexp is probably not perfect, so please correct if necessary!
Code :
when HTTP_REQUEST {
if { [HTTP::query] matches_regex {^.*=(\.\.|/)[[A-Za-z0-9./]*]*.*$} } {
#log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]"
reject
}
}
