Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

WAF not blocking sql injection

0

Hi,

How can I check WAF sql injection implementation rule?

We received the request below and WAF sql injection rule didn't block it.

a piece of the request body:

{"id":"'nvOpzp; AND 1=1 OR (<'\">iKO)),"}

Thanks

Themen
Sicherheit, Identität & Konformität
Tags
AWS WAF
Sprache
English
Felipe Gaudio
gefragt vor einem Jahr529 Aufrufe
2 Antworten
0

What rules do you currently have in place?
For the AWS Managed Ruleset, the "AWSManagedRulesSQLiRuleSet" can be set to protect against SQL injection.
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-use-case.html#aws-managed-rule-groups-use-case-sql-db

Also note that even matching requests will not be blocked unless the rule is set to block instead of count.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-action.html

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor einem Jahr
0

Hi Riku, thanks for you answer.

I have the rule AWSManagedRulesSQLiRuleSet active and also blocking.

I also check in WAF log and the request body is less than 8KB and requestBodySizeInspectedByWAF is equals to requestBodySize, so WAF is checking and allowing the request.

Shouldn't this request be blocked?

Thanks

Felipe Gaudio
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt