Deny Rule Group – (default) Insecure Direct Object Reference in Path

IDOR_PATH

  • The group contains insecure direct object reference deny rules and file inclusion deny rules for HTTP paths.
  • The security levels Basic and Standard prevent directory traversal and injection of certain critical files (e.g. .htaccess).
  • The security level Strict further prevents injection of file paths with critical suffixes (e.g. .exe).

Included Deny Rules

Rule name                                                            Basic   Standard   Strict
(default 06) Path directory traversal rule
(default DOR_010c) Directory traversal for Windows and UNIX in path  ON      ON         ON
(default DOR_011c) Critical file suffixes in path                                       ON
(default DOR_012c) Critical elements in path                         ON      ON         ON
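
How the level-to-rule mapping above plays out on request paths, as an added Python example that is not the product's own rule definitions. Only the rule ids and their level assignments come from this page; the regular expressions, the one-entry suffix and file lists, and the names `decode_path` and `matched_rules` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Illustrative patterns (assumptions): the product's real expressions are not on this page.
RULES = {
    # a ".." path segment delimited by UNIX or Windows separators
    "DOR_010c": re.compile(r"(^|[\\/])\.\.([\\/]|$)"),
    # critical suffix at the end of the path; only the page's example (.exe) is listed
    "DOR_011c": re.compile(r"\.exe$", re.IGNORECASE),
    # critical file name as a path segment; only the page's example (.htaccess) is listed
    "DOR_012c": re.compile(r"(^|[\\/])\.htaccess([\\/]|$)", re.IGNORECASE),
}

# Rules switched ON per security level, as stated on this page.
LEVELS = {
    "Basic": ["DOR_010c", "DOR_012c"],
    "Standard": ["DOR_010c", "DOR_012c"],
    "Strict": ["DOR_010c", "DOR_011c", "DOR_012c"],
}


def decode_path(path, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms are matched too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def matched_rules(path, level):
    """Return the ids of the rules active at `level` that match the request path."""
    candidate = decode_path(path)
    return [name for name in LEVELS[level] if RULES[name].search(candidate)]


if __name__ == "__main__":
    # Constructed sample paths, not taken from real traffic.
    for sample in ["/static/css/site.css", "/files/..%2f..%2fetc/passwd",
                   "/app/.htaccess", "/downloads/setup.exe"]:
        for level in LEVELS:
            print(f"{level:<9}{sample:<32}{matched_rules(sample, level)}")
```

Matching on the decoded path matters because a filter that inspects only the raw string sees no `..` segment in an encoded request, while the back-end decodes it before touching the file system.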