NameHero Blog
How to Protect Yourself From Network Traversal Attacks

Bhagwad Park

Published on: January 24, 2022

Categories: Website Security

The other day, while looking at my ConfigServer Security & Firewall (CSF) logs, I saw the following entry:

(Screenshot: CSF log entry flagged as "Network Path Traversal Attack")

I’ve been getting a few of these recently. Attempts to access paths on my server that look like this:

/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts

It looks strange because the path is percent-encoded: "%2e" is the URL encoding of a dot (.), so ".%2e" and "%2e%2e" both decode to "..". Decoded, the path above is trying to reach:

/cgi-bin/../../../../../../../../../etc/hosts

This is a path traversal (also called directory traversal) attack; "Network Path Traversal Attack" is simply the label CSF gives it. Each ".." climbs one directory, so enough of them from /cgi-bin/ land at the filesystem root, from where /etc/hosts, or any other readable file, can be requested. This particular shape targets a path-normalization bug in Apache HTTP Server 2.4.49 and 2.4.50 (CVE-2021-41773 and CVE-2021-42013): those releases did not recognise the encoded ".." as a parent-directory reference, so an attacker could read files outside the aliased /cgi-bin/ directory and, where CGI was enabled, execute them. Here's how to protect yourself from it.

Method 1: Use Cloudflare URL Normalization

If your traffic is proxied through Cloudflare (the DNS records for your site are "orange-clouded"), open the Rules section of the Cloudflare dashboard and enable the "Normalize incoming URLs" option, as shown here:

(Screenshot: URL normalization options in the Cloudflare dashboard)

This setting normalizes the URL (decoding percent-encoded characters such as %2e and applying RFC 3986 normalization) before it is evaluated by Page Rules, firewall rules, and the WAF. That matters because an attacker can otherwise circumvent your carefully crafted rules simply by encoding the URL: a rule that looks for "../" never sees it in "%2e%2e/". The second option, "Normalize URLs to origin", also forwards the normalized URL to your server instead of the raw request. It is arguably the more important of the two, because the consequences of your origin server being compromised are so much more severe than a rule being skipped.
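To make the encoding point concrete, here is an added example in Python (it is not code from the original post, nor Cloudflare's or CSF's): it percent-decodes request paths to a fixed point, so double-encoded variants are unwrapped too, counts the resulting ".." segments, and runs that check over a few constructed access-log lines. The IP addresses, timestamps and the double-encoded second request are made up for the example; the first path is the one quoted above. It also shows why normalization has to happen before rule matching: a rule that looks for the literal "../" in the raw request misses both probes.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for this example (not the author's real logs).
# Line 1 is the single-encoded probe quoted in the post; line 2 is a double-encoded
# variant (%%32%65 -> %2e -> .); line 3 is an ordinary request.
SAMPLE_LOG = """\
203.0.113.10 - - [24/Jan/2022:10:01:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 403 199
203.0.113.11 - - [24/Jan/2022:10:01:05 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 403 199
198.51.100.7 - - [24/Jan/2022:10:02:00 +0000] "GET /blog/2022/01/apache-update.html HTTP/1.1" 200 5120
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD target HTTP/x.y", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def fully_decode(path, max_rounds=3):
    """Percent-decode until the string stops changing.

    A single unquote() turns %2e into '.', but a double-encoded %%32%65 only
    becomes %2e on the first pass, so decoding is repeated to a fixed point.
    The round cap keeps pathological input from looping.
    """
    current = path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def dotdot_segments(decoded_path):
    """Count path segments that are exactly '..' (each one climbs a directory)."""
    return sum(1 for segment in decoded_path.split("/") if segment == "..")


def normalized_path(raw_target):
    """Drop any query string, then decode the path component to a fixed point."""
    return fully_decode(raw_target.split("?", 1)[0])


def is_traversal(raw_target):
    """True when the decoded path contains at least one '..' segment."""
    return dotdot_segments(normalized_path(raw_target)) > 0


def naive_match(raw_target):
    """What a rule matching the literal '../' against the raw request would see."""
    return "../" in raw_target


def scan_log(text):
    """Return (client_ip, method, raw_target, decoded_path) for each traversal attempt."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in Common Log Format
        target = match.group("target")
        if is_traversal(target):
            hits.append((match.group("ip"), match.group("method"), target,
                         normalized_path(target)))
    return hits


if __name__ == "__main__":
    for ip, method, raw, decoded in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} raw={raw}")
        print(f"    decoded={decoded} ({dotdot_segments(decoded)} '..' segments,"
              f" literal '../' in raw request: {naive_match(raw)})")
```

Decoding to a fixed point is the part a simple WAF rule gets wrong: the second sample line only becomes ".." on the second pass, which is exactly the variant that slipped past the first Apache fix. Run the script against your own access log by replacing SAMPLE_LOG with the file contents; anything it flags that returned a 200 deserves a closer look.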

Method 2: Enable the Cloudflare WAF Rules to Block URLs like This

This method is only available for “Pro” Cloudflare users. I’ve talked about the benefits of the Cloudflare Pro plan before, here on the NameHero blog, and I use it myself on my site WP-Tweaks.com to save my web hosting from resource-sucking requests.

For Pro Cloudflare users, you can enable the following two rules in the Cloudflare Managed Ruleset:

100045 and 100045A

You can search for these rules by ID in the Managed Rules section like this:

(Screenshot: Cloudflare WAF managed rules 100045 and 100045A for path traversal attacks)

If you're worried about blocking legitimate users, set the Mode to "Challenge" instead of "Block". Every bot I've seen so far has failed Cloudflare's JS challenge, and it delays legitimate users by only a few seconds. I don't see why a real user would request a URL like this, but even if one does, it won't be a problem for them.

Method 3: Update Apache to Version 2.4.51 or Later

The two methods above only help when the request reaches your server through Cloudflare, which means the attacker used a hostname whose DNS is proxied by Cloudflare. If they send the request straight to your server's IP address, Cloudflare never sees it and cannot block it. That is what happened in the first screenshot: the request hit my server directly, bypassing Cloudflare, since my proxied domains are already protected against this kind of thing. One way to close that gap is to firewall ports 80 and 443 on the origin so that only Cloudflare's published IP ranges can connect, which leaves the attacker nothing to hit directly. That narrows the exposure, but it does not replace patching.

The only real fix is to update Apache to 2.4.51 or later if you haven't already done so. The bug was introduced by a path-normalization change in 2.4.49; the first fix in 2.4.50 turned out to be incomplete (a double-encoded variant such as .%%32%65 still got through), and 2.4.51 closed it. Releases before 2.4.49 were never affected, and distributions that backport security fixes may still report an older version string, so check your distribution's changelog rather than trusting the version number alone. While you're at it, confirm that your configuration keeps Apache's default block for the filesystem root (<Directory /> with Require all denied): that default is what stops a traversal from serving files outside the document root and aliased directories even when normalization fails, and the servers that were actually exploited were those where it had been loosened, or where CGI was enabled so that the traversal could execute a binary instead of just reading a file.

Methods 1 and 2 are optional, but Method 3 is mandatory regardless of whatever else you have in place. Cloudflare can only filter the traffic that passes through it, and you can't afford to run a vulnerable server because something malicious will eventually get through. Such is the responsibility that comes with running your own VPS or dedicated server!

Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
