Last updated on: 2023-03-19 09:20:47.

Evasion Techniques Sub-Violations Description

| Sub Violation Name | Description |
| --- | --- |
| Bad unescape | The system detects illegal HEX encoding. Reports unescaping errors (such as %RR). |
| Apache whitespace | The system detects the following characters in the URI: 9 (0x09), 11 (0x0B), 12 (0x0C), and 13 (0x0D). |
| Bare byte decoding | The system detects higher ASCII bytes (greater than 127). |
| IIS Unicode codepoints | Handles the mapping of IIS specific non-ASCII codepoints. Indicates that, when a character is greater than ‘0x00FF’, the system decodes %u according to an ANSI Latin 1 (Windows 1252) code page mapping. For example, the system turns a%u2044b to a/b. The system performs this action on URI and parameter input. |
| IIS backslashes | Normalizes backslashes (`\`) to slashes (`/`) for further processing. |
| %u decoding | Performs Microsoft %u unicode decoding (%UXXXX where X is a hexadecimal digit). For example, the system turns a%u002fb to a/b. The system performs this action on URI and parameter input to evaluate if the request contains an attack. |
| Multiple decoding | The system decodes URI and parameter values multiple times according to the number specified before the request is considered an evasion. |
| Directory traversals | Ensures that directory traversal commands like ../ are not part of the URL. While requests generated by a browser should not contain directory traversal instructions, sometimes requests generated by JavaScript have them. |