Directory Traversal ../../

Hi all,

I’m wondering if directory traversal attacks are stopped by Cloudflare by default, or does a specific rule have to be enabled in the CF firewall? I’m new to Cloudflare, so apologies if this is an ‘obvious’ question!

WAF can help mitigate it, but you’ll need to be on a Pro plan or better to enable WAF. That being said, if you know your web application is vulnerable, the only way to definitively stop such exploits is to fix your web application–WAF is just to prevent naïve attacks.

Hi @head_in_the_cloud,

There are a number of rules which are in default block mode for directory traversal attacks within the Cloudflare Specials managed ruleset, assuming you are on pro plan. One such example is 100005. These rules will block specific attacks targeting known sensitive files (e.g. …/…/etc/passwd).

It depends on your use case, if you want to outright block all patterns containing “…/…/” you’d be better creating a custom firewall rule for this :slight_smile:

2 Likes

Thanks @gyx ,

Thanks very much for your reply. Does Cloudflare publish a list of rules anywhere, so that I can check which rule blocks what ?

There is a list in your dashboard, under Firewall -> WAF.

Matteo,

Those list of rules lack description. No one can understand that with little description shown there.

1 Like

They can’t give an exact list, someone could simply bypass them all, no?

but how come one know which rules does what? Many of these rules are simply disabled.


now 100451 is disabled but do you know what kind of prevention it can do?

@user3011,

That’s what I was thinking. It would be useful to have some detail around what each rule does.