our company has recently installed WAF Barracuda which reports this error for applications made with phprunner:
/mysitename/styles/pages/.global_login.css
The request URL /mysitename/styles/pages/.global_login.css contains a forward-slash(/) or a backward-slash() followed by a dot(.). This is disallowed by the Barracuda Web Application Firewall. A URL with a .OR /. maybe an attempt to view hidden files, as UNIX-based systems use the convention of a leading dot (.) in a file name to identify hidden files.
Directory Traversal attacks attempt to access web server files which are not publicly available.
Is there a solution?
thanks
Fabio
Phprunner 10.7 enterprise
build 39443
