Deny Rule Group – (default) Insecure Direct Object Reference in Path

IDOR_PATH

  • The group contains insecure direct object reference deny rules and file inclusion deny rules for HTTP paths.
  • The security level Basic and Standard prevents directory traversal and injection of certain critical files (e.g. .htaccess).
  • The security level Strict further prevents injection of file paths with critical suffixes (e.g. .exe).

Included Deny Rules

Rule name

Basic

Standard

Strict

(default DOR_010c) Directory traversal for Windows and UNIX in path

Icon - ON

Icon - ON

Icon - ON

(default DOR_011c) Critical file suffixes in path

Icon - ON

(default DOR_012c) Critical elements in path (does not block the wp-admin directory)

Icon - ON

Icon - ON

Icon - ON