URL Request Manipulation

What It Means

The URL paths and parameters of this request appear to have been modified in a way designed to bypass security filters.

Why It Matters

Attackers manipulate URLs to evade WAF rules — adding extra path segments, encoding special characters, using path traversal sequences, or inserting unexpected parameters. These manipulations attempt to reach protected resources or trigger vulnerabilities while avoiding detection.

Common Triggers

Requests with path traversal patterns (like ../), double-encoded URL characters, unusual path constructions, or parameter tampering designed to bypass access controls.

What To Do

These blocks are safe to leave in place. They indicate active attempts to manipulate your application’s URL handling. If a legitimate request is being blocked due to unusual URL structures, use Path Allowlisting to exempt that specific endpoint.