Cannot use a leading .. to exit above the top directory

Mahmoud Ibrahim asked on June 13, 2022 08:59

Hello, I have this error in the event logs in a Kentico 12 portal engine application:

Message: Cannot use a leading .. to exit above the top directory.

Exception type: System.ArgumentException
Stack trace:
at CMS.Helpers.URLHelper.RemoveDotSegments(String path)
at CMS.Helpers.URLHelper.ResolveUrl(String url, Boolean ensurePrefix)
at CMS.Helpers.RequestContext.set_RawURL(String value)
at CMS.URLRewritingEngine.URLRewriter.RewriteUrl(String relativePath, ExcludedSystemEnum excludedEnum, SiteNameOnDemand siteName, ViewModeOnDemand viewMode)
at CMS.URLRewritingEngine.URLRewriter.RewriteUrl(RequestStatusEnum status, String relativePath, ExcludedSystemEnum excludedEnum)
at CMS.URLRewritingEngine.URLRewritingHandlers.RewriteUrl(Object sender, EventArgs e)
at CMS.Base.AbstractHandler.CallEventHandler[TArgs](EventHandler1 h, TArgs e)
at CMS.Base.AbstractHandler.Raise[TArgs](String partName, List1 list, TArgs e, Boolean important)
at CMS.Base.SimpleHandler2.RaiseExecute(TArgs e)
at CMS.Base.SimpleHandler2.StartEvent(TArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

user agent: "Python-urllib/3.8"

Any help please as I cannot find the reason of this error?

Recent Answers


Juraj Ondrus answered on June 13, 2022 09:23

What are the steps leading to the error? The User agent is strange - looks like some bot or crawler was trying something on your site. OR, are you using any Python libraries for URLs?


Michal Seidl answered on June 17, 2022 15:38 (last edited on June 17, 2022 17:30)

Hi,

thanks for your answer, Juraj. We did a larger analysis and found that all of these errors are caused by some strange crawler requests which are trying to reach nonsense URLs like:

  1. domain/remote/fgt_lang lang=/../../../..//////////dev/cmdb/sslvpn_websession
  2. domain/index.php option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00
  3. domain/remote/fgt_lang lang=/../../../..//////////dev/

If the URL has a lot of "../" parts, it tries to go above the root and an exception is fired.

Thanks and have a nice day. M.


Juraj Ondrus answered on June 20, 2022 07:59

It looks like somebody is using some bot to help find some security vulnerability on your site. I would recommend blocking the given IP range and using a good firewall.

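The condition described in this thread (a URL whose "../" parts climb above the root) can be checked across request logs to see which clients are sending such probes before deciding what to block. This is an added example, not part of the original thread or of Kentico's code; the log format, IP addresses, component name and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

def escapes_root(path: str) -> bool:
    """True if the '..' segments in path climb above its starting directory."""
    depth = 0
    for seg in unquote(path).replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue                      # "//" and "." do not change depth
        if seg == "..":
            depth -= 1
            if depth < 0:                 # the point where the application throws
                return True
        else:
            depth += 1
    return False

def is_traversal_probe(target: str) -> bool:
    """Check the path and every query-string value of a request target."""
    parts = urlsplit(target)
    if escapes_root(parts.path):
        return True
    return any(escapes_root(v)
               for _, v in parse_qsl(parts.query, keep_blank_values=True))

# Constructed, simplified log format: ip "METHOD target PROTO" "user-agent"
LINE = re.compile(r'^(\S+) "(?:GET|POST|HEAD) (\S+) [^"]*" "([^"]*)"$')

# Constructed sample lines modelled on the requests quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10 "GET /remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1" "Python-urllib/3.8"
192.0.2.10 "GET /index.php?option=com_example&controller=../../../../etc/passwd%00 HTTP/1.1" "Python-urllib/3.8"
198.51.100.7 "GET /news/../about?page=2 HTTP/1.1" "Mozilla/5.0"
198.51.100.7 "GET /products/list HTTP/1.1" "Mozilla/5.0"
"""

def probes_by_client(log: str) -> Counter:
    """Count traversal probes per (client IP, user agent)."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if m and is_traversal_probe(m.group(2)):
            hits[(m.group(1), m.group(3))] += 1
    return hits

if __name__ == "__main__":
    for (ip, agent), count in probes_by_client(SAMPLE_LOG).most_common():
        print(f"{ip}  {count} probe(s)  {agent}")
```

A query value that is a legitimate relative link (for example a return URL starting with "../") is also flagged, so review the counts per client rather than blocking on a single hit.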
