---
title: HTTP requests containing path traversal sequences
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > HTTP requests containing path traversal
  sequences
---

# HTTP requests containing path traversal sequences
Classification:attackTactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-application](https://attack.mitre.org/techniques/T1190) 
## Goal{% #goal %}

Detect HTTP requests containing path traversal sequences in the URL path or query string, including when the response is successful.

## Strategy{% #strategy %}

This rule monitors OCSF HTTP requests for encoded and plain parent-directory traversal patterns, grouped by `@ocsf.src_endpoint.ip`.

## Triage and response{% #triage-and-response %}

- Review whether traversal attempts reached sensitive files or APIs and whether responses leaked content.
- If activity is malicious and unauthorized, consider blocking or rate limiting `{{@ocsf.src_endpoint.ip}}` and follow your incident response process.