HEX

File: //etc/modsecurity.d/owasp/regex-assembly/930110.ra
##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.

##! Path Traversal Attack detection for decoded payloads (/../) or (/.../)
##! Also detects semicolon-based traversal (;..;) for Tomcat reverse proxy bypass
##!
##! To prevent '..' alone from triggering, the regexp requires a path
##! separator (/, \, or ;) on at least one side of the dots:
##! - ../  or  ..\  or  ..;  (dots followed by separator)
##! - /..  or  \..  or  ;..  (separator followed by dots)

##!> define sep [\x5c/;]

##!> assemble
  ^
  {{sep}}
##!<
##!=>
\.{2,3}{{sep}}