---
title: Protection from CVE-2023-50164 (Apache Struts directory traversal)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2023/12/protection-from-cve-2023-50164-apache-struts-directory-traversal
---

A directory traversal vulnerability within file uploads has been found in Apache Struts and has been assigned CVE-2023-50164. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2023-50164` and then click **View** for the CVE-2023-50164 templated rule.
5. Click **Configure** and then **Add trigger**.
6. Select the **Block requests from an IP immediately if the CVE-2023-50164 signal is observed** checkbox.
7. Click **Update rule**.