--- title: Control Handling of Path Traversal Attempts description: When set to true any incoming URL containing a path segment of .. will cause the incoming request to be rejected with an HTTP 400 response. component: java-agents version: 2025.11 page_id: java-agents:properties-reference:org.forgerock.agents.reject.path.traversal.attempts.enabled canonical_url: https://docs.pingidentity.com/java-agents/2025.11/properties-reference/org.forgerock.agents.reject.path.traversal.attempts.enabled.html --- # Control Handling of Path Traversal Attempts When set to `true` any incoming URL containing a path segment of `..` will cause the incoming request to be rejected with an HTTP 400 response. Note that requests will be rejected if any path parameter contains `..` anywhere, even though path parameters do not take part in URI normalisation. When the property [Control Handling of the URL Encoded Sequence %2e](org.forgerock.agents.percent.2e.handling.strategy.html) is set to ACCEPT\_AND\_INTERPRET, path segments or path parameters containing `.%2e`, `%2e.` and `%2e%2e` will also be rejected. Note that this will NOT affect access to resources such as `index..html`, for example. | | | | ------------------------ | ------------------------------------------------------------------------------------------------ | | Property name | `org.forgerock.agents.reject.path.traversal.attempts.enabled` | | Aliases | `org.forgerock.agents.reject.path.traversal.attempts.enabled`   Introduced in Java Agent 2024.11 | | Function | Configure behaviour | | Type | Boolean: `true` returns true; all other strings return `false`. | | Default | `false` | | Bootstrap property | No | | Required property | No | | Restart required | No | | Local configuration file | `AgentConfig.properties` |