Hello,
there are many occurrences of a single double dot '/../' in sites I try to protect with the CRS project.
For example:
'/web/resources/css/../images/ico_checkbox2.png'
'/catalog/view/theme/theme_web/stylesheet/../image.png'
For these examples I'm able to build an exclusion like this:
SecRule REQUEST_URI_RAW "@beginsWith /catalog/view/theme/theme_onlinekoupelny/stylesheet/../" \
    "id:'000025', \
    phase:2, \
    nolog, \
    ctl:ruleRemoveByTag='attack-lfi', \
    pass"
I would like to ask you, is there any possibility to solve it with only one universal exclusion? I just need to exclude a single occurrence of this in the URI: /../. The occurrence '/../../' should be marked as an attack.
Thank you,
Standa
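
One way to express the exclusion asked for above as a single chained rule (an added example, not part of the original post and not CRS code). It assumes "single occurrence" means exactly one ".." sequence anywhere in the raw URI, query string included; the rule id 1000025 is a placeholder, and the rule has to be loaded before the CRS rules.

```apache
# Added example. Id 1000025 is a placeholder; pick a free id from your
# own local range and load this rule before the CRS rule files.
#
# First rule:  the raw, untransformed URI contains a literal "/../".
# Second rule: after URL-decoding there is NO further ".." following
#              that first "/../". This rejects "/../../", a second
#              "/../" later in the path or query string, and a second
#              traversal written as %2e%2e or with a backslash.
# Only when both conditions hold are the attack-lfi rules removed for
# this one request. Any request with two or more ".." sequences keeps
# the full CRS LFI checks.
SecRule REQUEST_URI_RAW "@contains /../" \
    "id:1000025,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_URI_RAW "!@rx /\.\./.*\.\." \
        "t:none,t:urlDecodeUni,\
        ctl:ruleRemoveByTag=attack-lfi"
```

For the two sample paths in the post ('/web/resources/css/../images/ico_checkbox2.png' and '/catalog/view/theme/theme_web/stylesheet/../image.png') both conditions hold and the exclusion applies; for '/../../' the second condition fails and the request is inspected as usual. As in the rule from the post, ctl:ruleRemoveByTag switches off every attack-lfi rule for the matching request, including the checks on its arguments.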