Will blocking the use of ../ in query strings always prevent a path traversal attack?
That's right! Directories are climbed in many ways. We've got options!
Oh noes! That's not the only way to traverse directories, so webmasters segregate files and restrict privileges.