This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

False positives Attack Sql injection

azepeda1984 over 10 years ago

Hello
We have the following issue. We have a website that is published by joomla module with sophos WAF on version 9.1 everything works fine but when we do it upgrade to version 9.2 website show us a message that we don't have permission because present SQL injection attack.

some help.

please see attach.

This thread was automatically locked due to age.

0 Ross86 over 10 years ago

Hey,

If it's a false positive you can add it to the exceptions by entering the ID you are seeing in the logs so it would be 981204 in this case you have highlighted.

That will bypass on all those attacks though so there may be a better solution.

Hope that helps
Cancel
Vote Up 0 Vote Down

Cancel
0 azepeda1984 over 10 years ago in reply to Ross86

Hey,

If it's a false positive you can add it to the exceptions by entering the ID you are seeing in the logs so it would be 981204 in this case you have highlighted.

That will bypass on all those attacks though so there may be a better solution.

Hope that helps

Thanks very much !!

i will try to sugestion and after coments
Cancel
Vote Up 0 Vote Down

Cancel
0 scorpionking over 10 years ago
Just add the ID Ross86 mentioned into "skip tfilter rules" in the Web Application firewall profile you are using for this virtual server.

It is quite common that certain IDs produce false positives with several CMS.
----------
Sophos user, admin and reseller.
Private Setup:

XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)

UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Cancel
Vote Up 0 Vote Down

Cancel