(default) Insecure Direct Object Reference in Path
Deny Rule Group – (default) Insecure Direct Object Reference in Path

IDOR_PATH

  • The group contains insecure direct object reference deny rules and file inclusion deny rules for HTTP paths.
  • The security levels Basic and Standard prevent directory traversal and injection of certain critical files (e.g. .htaccess).
  • The security level Strict further prevents injection of file paths with critical suffixes (e.g. .exe).
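
As an added illustration (not the product's own rule definitions, whose patterns are not shown on this page), the following Python example shows how a path check can behave across the levels described above. The element and suffix lists contain only the examples named above; the function names, the number of decoding rounds and the matching logic are assumptions.

```python
from urllib.parse import unquote

# Assumed lists for illustration: only the examples named on this page.
CRITICAL_ELEMENTS = {".htaccess"}
CRITICAL_SUFFIXES = (".exe",)
LEVELS = ("Basic", "Standard", "Strict")


def normalize(path, max_rounds=3):
    """Percent-decode repeatedly (handles double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Treat Windows and UNIX separators alike, compare case-insensitively.
    return path.replace("\\", "/").lower()


def check_path(path, level="Standard"):
    """Return the categories of deny rule the path would trigger at this level."""
    if level not in LEVELS:
        raise ValueError(f"unknown security level: {level}")
    segments = normalize(path).split("/")
    hits = []
    # Basic, Standard and Strict: directory traversal.
    if ".." in segments:
        hits.append("directory traversal")
    # Basic, Standard and Strict: critical files such as .htaccess.
    if any(seg in CRITICAL_ELEMENTS for seg in segments):
        hits.append("critical element")
    # Strict only: critical file suffixes such as .exe.
    if level == "Strict" and any(seg.endswith(CRITICAL_SUFFIXES) for seg in segments):
        hits.append("critical suffix")
    return hits


if __name__ == "__main__":
    # Constructed sample paths, not taken from real traffic.
    samples = ["/app/%2e%2e/%2e%2e/etc/passwd", "/site/.htaccess",
               "/downloads/setup.EXE", "/docs/report..final.pdf"]
    for sample in samples:
        for level in LEVELS:
            print(f"{level:8} {sample:32} {check_path(sample, level)}")
```

Matching on the decoded, separator-normalized path is what keeps encoded or backslash variants from slipping past a check that only looks at the raw request line.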

Included Deny Rules

Rule name                                                             Legacy  Basic  Standard  Strict
(default 06) Path directory traversal rule                            ON      -      -         -
(default DOR_010c) Directory traversal for Windows and UNIX in path   -       ON     ON        ON
(default DOR_011c) Critical file suffixes in path                     -       -      -         ON
(default DOR_012c) Critical elements in path                          -       ON     ON        ON