How to Fix this Path Traversal Blocked violation?

Question

Hi, &nbsp;This is v13. &nbsp;To begin with there is not violation as such but it just shows up as attack type. &nbsp;Here's the blocked request from event logs. &nbsp;&nbsp;These are the evasion detection settings. &nbsp;&nbsp;&nbsp;The blocked URL is added as an allowed URL in the policy with check attack signature on this url selected but I cannot find the path traversal signature there. Is it even being blocked as an attack signature? &nbsp;

nathe · Answer

David,​You're on the right lines, path traversal is an attack signature attack type. In your first screenshot if you click on path traversal does it show you which attack signature triggered it?​N​

david_m · Answer

Hi Nathe

It doesn’t say anything about which attack signature, nope

And then I cannot even see this signature listed in the url so I cannot even disable it.

And some kB articles then mention it this could be due to evasion techniques detected but will that too show up as path traversal?

nathe · Answer

I wonder if it's related to this issue: K86019555 I know the versions don't match up but worth raising with F5 support perhaps?

david_m · Answer

I think yes, this makes sense. &nbsp;Will update.

Forum Discussion

How to Fix this Path Traversal Blocked violation?

4 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Citrix XenMobile Server– Path Traversal

Block traffic

Path Traversal Detection

domain blocking