################################################################################
# DESCRIPTION
#	Test against directory traversal (client must not be allowed to "get out" of
#	DocumentRoot.
#
# AUTHOR
#	Carlos Ghan	<charlie.brown.uy@gmail.com>
#
# DATE
#	March 08 2010
#
# COMMENTS
#	Using URL-encoded hex values
################################################################################


INCLUDE __CONFIG

CLIENT
_REQ $HOST $PORT
__GET /%2e%2e/conf/monkey.conf $HTTPVER
__Host: $HOST
__Connection: close
__
_EXPECT . "HTTP/1.1 403 Forbidden"
_WAIT
END