Distributed Cloud Services
API Docs Knowledge Base Training

Add multiple decoding check

Malicious payloads decoded more than 3 times are passing without any violation raised

for example:
":path\":\"/item/57328/1/59721?test=%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252f%2e%252e%2e%252e%2f%252fetc%2fhosts\"

which decodes to:

/item/57328/1/59721?test=....//....//....//....//....//....//....//....//....//....//....//....//etc/hostsa

  • Amit Zakay
  • Nov 20 2025
XC Console / Security
  • Attach files

Related ideas

© 2022 F5, Inc. All rights reserved | Trademarks | Policies | Privacy | California Privacy | Do Not Sell My Personal Information