I have a web site under development that threw this error: "Inbound Anomaly Score Exceeded (Total Score: 5, SQLi=3, XSS=): Last Matched Message: Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"
I can disable the SQL injection attack test in WAF, and then the page in question works, but I don't like leaving the metaphorical fire door propped open. The developer doesn't know why this particular page triggered the error and asked for more information, but I don't see anything in my UTM logs, unless it's the semicolons in the cookie generated by ASP.net.
Is there a way to capture this information? Some logging that I didn't enable yet?
Thanks,
- Joe
I've identified the source of the SQL Injection pattern match. (it was a pair of chevrons in button text, i.e. "Forward >>").
The trick was looking at the archived log files, which I had not before. That view contained much more detailed information than I was seeing in the live log files. That's where I'll be going from now on to troubleshoot issues like this.
Quote