Directory traversal protection automatically blocks client IP addresses that launch multiple
directory traversal attacks (in practice, bursts of path and file guessing that produce mostly
404 responses) against your domain within a short period of time.
Prerequisites
You can enable this feature in Web Application Firewall (WAF) only when the following
conditions are met:
Background information
You can enable the directory traversal protection feature to automatically detect
and block client IP addresses that launch multiple directory traversal attacks on
your domain within a short period of time. Requests from a blocked IP address
are rejected for the duration of the blocking period. After the blocking period expires, the
IP address is automatically unblocked. After you enable directory traversal protection,
you can customize the protection rule (see Step 5) and unblock IP addresses manually before
the blocking period expires (see Step 6).
Procedure
- Log on to the WAF console.
- In the left-side navigation pane, choose . On the Website Configuration page that appears, select the region of your WAF instance
(Mainland China or International).
- Find the domain to be configured in the domain list, and click Policies in the Operation column.
- On the page that appears, scroll down to the Directory Traversal Protection area and turn on Status to enable directory traversal protection.
After directory traversal protection is enabled, the following protection rule takes
effect by default: if WAF detects more than 50 access requests from a client IP address
to the specified domain within 10 seconds, and more than 70% of the responses
to these requests carry the 404 response code, WAF blocks the IP address for 1,800
seconds. Both thresholds are evaluated per client IP address, so tune them with shared
egress addresses (NAT gateways, corporate proxies) in mind: a busy legitimate client that
generates many 404 responses can trip the rule in the same way a scanner does.
- Optional: You can perform the following steps to customize the protection rule:
- In the Directory Traversal Protection area, click Settings.
- In the Rule Setting dialog box that appears, set the following parameters.
Note If you are unsure how to set the parameters, set Mode to Flexible Mode, Normal Mode, or Strict Mode. Each of these values corresponds to a default protection rule
with a certain degree of strictness. You can then adjust the individual settings of the selected
rule to fine-tune the degree of strictness.
Parameter | Description
Inspection Time Range | The period of time over which WAF counts requests from a client IP address to the specified domain when checking for directory traversal attacks. Unit: second.
The total requests exceeds | The maximum number of access requests that a client IP address may send to the specified domain within the inspection time range. WAF blocks a client IP address only when both of the following conditions are met: the number of requests from the IP address to the domain within the inspection time range exceeds this value, and the percentage of responses to these requests with the 404 response code exceeds the threshold below.
And the percentage of responses with 404 exceeds | The maximum percentage of responses with the 404 response code among the requests counted above. Exceeding this percentage together with the request threshold triggers blocking.
Blocked IP Addresses | The period of time for which a client IP address is blocked. Unit: second.

- Click OK.
- Optional: To manually unblock client IP addresses before the blocking period expires, click Unblock IP Address in the Directory Traversal Protection area.
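The rule above is a per-client-IP sliding-window check: count requests in the inspection time range, compute the share of 404 responses, and block the address for the blocking period when both thresholds are exceeded. The following is an added example written for this page, not Alibaba Cloud WAF code: it reimplements that logic with the page's default values (10 s, 50 requests, 70%, 1,800 s) and replays it over a constructed access log. The log format, the IP addresses (documentation ranges) and the class and function names are all assumptions made for the example.

```python
from collections import defaultdict, deque


class DirectoryTraversalProtector:
    """Per-client-IP sliding-window detector modelled on the WAF rule parameters:
    inspection time range, total-requests threshold, 404 percentage and blocking
    period. Defaults are the page's default rule. Hypothetical class, not WAF code."""

    def __init__(self, window_seconds=10, total_requests=50,
                 not_found_ratio=0.70, block_seconds=1800):
        self.window = window_seconds
        self.total_requests = total_requests
        self.not_found_ratio = not_found_ratio
        self.block_seconds = block_seconds
        self._history = defaultdict(deque)  # ip -> deque of (timestamp, status)
        self._blocked_until = {}            # ip -> timestamp at which the block lapses

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                    # blocking period expired: automatic unblock
            del self._blocked_until[ip]
            return False
        return True

    def unblock(self, ip):
        """Manual unblock, the counterpart of the console's Unblock IP Address button."""
        self._blocked_until.pop(ip, None)
        self._history.pop(ip, None)

    def observe(self, ip, timestamp, status):
        """Feed one request/response pair. Returns 'block' for the request that trips
        the rule, 'reject' while the client is blocked, otherwise 'allow'."""
        if self.is_blocked(ip, timestamp):
            return "reject"
        window = self._history[ip]
        window.append((timestamp, status))
        while window and timestamp - window[0][0] >= self.window:
            window.popleft()                # drop requests older than the inspection range
        total = len(window)
        if total <= self.total_requests:   # rule requires MORE than the request threshold...
            return "allow"
        not_found = sum(1 for _, s in window if s == 404)
        if not_found / total > self.not_found_ratio:  # ...AND more than the 404 ratio
            self._blocked_until[ip] = timestamp + self.block_seconds
            window.clear()
            return "block"
        return "allow"


def make_sample_log():
    """Constructed access log, not real WAF output: 'timestamp client_ip status path'."""
    lines = []
    for i in range(60):   # 203.0.113.9: path brute-force, 60 requests in 6 s, all 404
        lines.append(f"{100 + i / 10:.1f} 203.0.113.9 404 /backup{i}.zip")
    for i in range(80):   # 198.51.100.7: busy legitimate client, 20 of 80 are 404 (25%)
        status = 404 if i % 4 == 0 else 200
        lines.append(f"{100 + i / 10:.1f} 198.51.100.7 {status} /page{i}")
    for i in range(40):   # 192.0.2.5: all 404 but only 40 requests, under the threshold
        lines.append(f"{100 + i / 10:.1f} 192.0.2.5 404 /admin{i}")
    lines.append("1500.0 203.0.113.9 200 /index.html")  # scanner returns inside its block
    lines.append("2000.0 203.0.113.9 200 /index.html")  # ...and after it has lapsed
    return lines


def replay(lines, protector=None):
    """Run the detector over log lines in timestamp order; returns (ip, ts, verdict) tuples."""
    protector = protector or DirectoryTraversalProtector()
    verdicts = []
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, ip, status, _path = line.split(maxsplit=3)
        verdicts.append((ip, float(ts), protector.observe(ip, float(ts), int(status))))
    return verdicts


if __name__ == "__main__":
    for ip, ts, verdict in replay(make_sample_log()):
        if verdict != "allow":
            print(f"{ts:8.1f} {ip:15} {verdict}")
```

In the replay, 203.0.113.9 is blocked on its 51st request (at 105.0 s, the first moment both conditions hold), its remaining requests and the one at 1,500 s are rejected, and the request at 2,000 s is allowed again because the 1,800 s period has lapsed. 192.0.2.5 is never blocked despite a 100% 404 rate because it stays under the request threshold, and 198.51.100.7 is never blocked because its 404 share stays under 70%.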