Skip to main content

Core Ruleset: 930xxx

Rules with the 930xxx prefix protect web applications from local file inclusion attempts that can be made by attackers.

Paranoia Level 1 (default)

Rule: 930100

Protects web applications from directory traversal attacks. This will inspect request args, headers and files to ensure that no directory traversal attempts are made by the client.

Message: msg

Example:

curl --request GET \
  --url 'http://localhost:8088/?q=cat%20.%2F..%2F..%2Fetc%2Fpasswd'

Rule: 930120

Prevents access to known elevated files that could give an attacker elevated privileges within a system.

Message: msg

Example:

curl --request GET \
  --url http://localhost:8088/.git/.gitconfig

Rule: 930130

Prevents access to application source code in a web accessible directory. This blocks any attempt to access files directly from the core ruleset list

Message: msg

Example:

curl --request GET \
  --url 'http://localhost:8088/?q=%2Fetc%2Fhosts'

Paranoia Level 2

This module does not define checks for paranoia level 2.

Paranoia Level 3

This module does not define checks for paranoia level 3.

Paranoia Level 4

This module does not define checks for paranoia level 4.

Paranoia Level 1 (default)
Paranoia Level 2
Paranoia Level 3
Paranoia Level 4