HTTP URL obfuscation
Attackers encode URLs using various formats to evade detection and bypass security measures. For example, the URL www.example.com/cgi.bin could be encoded in a number of ways to avoid detection while still working properly, and being interpreted the same way, in a web browser.
The FortiGate prevents the obfuscation by converting the URL to ASCII before inspection.
Table 41: HTTP URL obfuscation types
Encoding type | Example |
No encoding | http://www.example.com/cgi.bin/ |
Decimal encoding | http://www.example.com/cgi.bin/ |
URL encoding | http://www.example.com/%43%47%49%2E%42%49%4E%2F |
ANSI encoding | http://www.example.com/%u0063%u0067%u0069%u002E%u0062%u0069%u006E/ |
Directory traversal | http://www.example.com/cgi.bin/test/../ |
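The normalization step described above can be sketched as follows. This is an added example, not FortiGate code: the function names, the `MAX_PASSES` bound, the case folding, and the reading of "decimal encoding" as HTML numeric character references (`&#99;`) are all assumptions, and the decimal sample is constructed.

```python
import html
import re
from urllib.parse import unquote, urlsplit, urlunsplit

U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")  # %uXXXX form from the table
MAX_PASSES = 5                                 # assumed bound on nested encodings

def decode_once(text):
    text = html.unescape(text)  # &#99; style; assumed meaning of "decimal encoding"
    text = U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return unquote(text)        # %43 -> "C"

def remove_dot_segments(path):
    kept = []
    for seg in path.split("/"):
        if seg == "..":
            if kept:
                kept.pop()      # never climb above the root
        elif seg not in ("", "."):
            kept.append(seg)
    trailing = "/" if kept and path.endswith(("/", "/.", "/..")) else ""
    return "/" + "/".join(kept) + trailing

def normalize_url(url, fold_case=True):
    """Return the canonical form that an inspection rule should be matched against."""
    parts = urlsplit(html.unescape(url))  # unescape first: '#' would split as a fragment
    path = parts.path
    for _ in range(MAX_PASSES):           # decode until stable to catch nested encodings
        decoded = decode_once(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after MAX_PASSES decodes")
    path = remove_dot_segments(path)
    if fold_case:                         # assumption: rules match case-insensitively
        path = path.lower()
    return urlunsplit((parts.scheme, parts.netloc.lower(), path, parts.query, ""))

# Rows from Table 41, plus one constructed decimal (&#NN;) sample.
SAMPLES = [
    "http://www.example.com/cgi.bin/",
    "http://www.example.com/&#99;&#103;&#105;&#46;&#98;&#105;&#110;&#47;",
    "http://www.example.com/%43%47%49%2E%42%49%4E%2F",
    "http://www.example.com/%u0063%u0067%u0069%u002E%u0062%u0069%u006E/",
    "http://www.example.com/cgi.bin/test/../",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalize_url(sample), "<-", sample)
```

Every sample reduces to the same string, so a single rule written against `http://www.example.com/cgi.bin/` covers all of the encoded variants.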