Webserver Directory traversal

Webserver Directory traversal


File path traversal attack or directory traversal attack in web application is a common security issue.In this a hacker can get access to the files or directories of a webserver through the web url which will lead to major security issues.
If you are using Apache as front end web server then you can follow below steps to stop this path traversal attack easily.


Any file on the application server can be accessed using the URI append like “https://xyz.com/file/” and if the apache is run by a root user, then even the /etc/passwd and other secured files can be accessed easily.


Here we will use the mod_rewrite provided by Apache to block this.
Please follow below steps to configure the same in Apache configuration file httpd.conf

– Add below entry to the loadmodule section in httpd.conf to enable the mod_rewrite module


LoadModule rewrite_module modules/mod_rewrite.so

Put the below configurations any where in the httpd.conf file

<IfModule rewrite_module>

RewriteEngine On

RewriteRule ^/(.*)$ - [F]


– put below configurations to stop the directory traversal

Options -Indexes

Here “-Indexes” will stop the directory traversal.
– Restart the apache services and test.