(default) Insecure Direct Object Reference in Path
Deny Rule Group – (default) Insecure Direct Object Reference in Path

IDOR_PATH

  • The group contains insecure direct object reference deny rules and file inclusion deny rules for HTTP paths.
  • The security levels Basic and Standard prevent directory traversal and injection of certain critical files (e.g. .htaccess).
  • The security level Strict further prevents injection of file paths with critical suffixes (e.g. .exe).

Included Deny Rules

| Rule name | Basic | Standard | Strict |
|---|---|---|---|
| (default DOR_010c) Directory traversal for Windows and UNIX in path | ON | ON | ON |
| (default DOR_011c) Critical file suffixes in path | - | - | ON |
| (default DOR_012c) Critical elements in path | ON | ON | ON |