Path Validation

15 tests demonstrate how Signando HTTP validates URL paths against the policy and blocks path traversal attacks.

PATH-001 PASS

GET /index.html - Valid static path

curl -X GET http://localhost:8080/index.html

The path /index.html is defined in the policy allowlist. Signando HTTP validates that the path matches a defined pattern.

PATH-003 BLOCKED

GET /admin - Path not in allowlist

curl -X GET http://localhost:8080/admin

Signando HTTP works on the allowlist principle: only paths explicitly defined in the policy are allowed, and undefined paths are rejected.

PATH-004 BLOCKED

GET /../etc/passwd - Path traversal attack

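curl --path-as-is -X GET http://localhost:8080/../etc/passwd

Path traversal attempts using ../ sequences are detected and blocked before reaching the backend. The --path-as-is option is needed because curl otherwise removes ../ segments from the URL itself before sending the request.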
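The sketch below is an added example, not Signando HTTP's own code or policy format. It shows one way to combine the two checks the tests above exercise: reject dot segments first, then fall back to default-deny allowlist matching. It goes beyond the literal ../ case by also decoding percent-encoded dot segments. The names ALLOWED_PATTERNS, MAX_DECODE_ROUNDS and validate_path and the patterns themselves are assumptions, and the input is assumed to be the request path without a query string.

```python
import re
from urllib.parse import unquote

# Constructed allowlist for illustration; not Signando HTTP's policy syntax.
ALLOWED_PATTERNS = [
    re.compile(r"/index\.html"),
    re.compile(r"/static/[A-Za-z0-9_-]+\.(css|js)"),
]
MAX_DECODE_ROUNDS = 3  # assumed limit on nested percent-encoding


def validate_path(raw_path: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a raw request path (no query string)."""
    if not raw_path.startswith("/"):
        return False, "malformed path"

    # Decode repeatedly so nested encodings such as %252e%252e are exposed.
    decoded = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        if unquote(decoded) == decoded:
            break
        decoded = unquote(decoded)
    else:
        # Still changing after the allowed rounds: refuse rather than guess.
        return False, "encoding too deep"

    # Treat backslashes as separators, then look for dot segments.
    segments = decoded.replace("\\", "/").split("/")
    if any(seg in ("..", ".") for seg in segments):
        return False, "path traversal"
    if "\x00" in decoded:
        return False, "malformed path"

    # Default deny: the raw path must fully match an allowlisted pattern.
    if any(p.fullmatch(raw_path) for p in ALLOWED_PATTERNS):
        return True, "allowed"
    return False, "not in allowlist"


if __name__ == "__main__":
    for path in ("/index.html", "/admin", "/../etc/passwd",
                 "/%2e%2e/etc/passwd", "/static/..%2findex.html"):
        print(path, "->", validate_path(path))
```

The allowlist is matched against the raw path, so an encoded spelling of an allowed path is rejected instead of being normalized into acceptance.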