This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tune WAF SQL Injection protection

Hello,

Is it possible to change the thresholds for XSS/SQL Injection blocks/alerts? I noticed for instance that SQL SELECT statements and several UPDATE statements are not blocked.

Additionally, is there any detailed information available on how the form/url hardening logic works? How does the system 'learn' which values are allowed in a specific form, and which URLs may be accessed from a specific url?

Thank you very much,

Regards,
Tim

This thread was automatically locked due to age.

0 sd12 over 12 years ago
after an attack on a webserver i was shocked. this querry
?a=UPDATE+table+SET+field='value'+WHERE+huhu=1;
will not be blocked.

How can i block update queries?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

I think both of you should submit a Support request to Astaro if you have a paid license.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel