---
title: Local File Inclusion (LFI) attack attempts
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Local File Inclusion (LFI) attack
  attempts
---

# Local File Inclusion (LFI) attack attempts
Tactic:[TA0001-initial-access](https://attack.mitre.org/tactics/TA0001)Technique:[T1190-exploit-public-facing-application](https://attack.mitre.org/techniques/T1190) 
### Goal{% #goal %}

Detect serious local file inclusion (LFI) attempts on routes with errors related to file inclusion. Such security activity generally indicates that an attacker is trying to exploit a potential LFI vulnerability.

### Strategy{% #strategy %}

Monitor local file inclusion attempts (`"@appsec.security_activity:attack_attempt.lfi`) on services generating errors related to this type of attack (`@_dd.appsec.enrichment.error_messages:(*File* OR *Directory* OR *ENOENT* OR *EACCES* OR *include_path*)`).

Generate an Application Security Signal with `High` severity.

### Triage and response{% #triage-and-response %}

1. Consider blocking the attacking IP(s) temporarily to prevent them from reaching deeper parts of your production systems.
1. Investigate the errors generated by this attack to identify if any vulnerabilities need to be fixed.