
Working SQL Injection relaxation rule for IE/Safari User-Agent Header "like"

Sven Olsfelder




Does anybody have a working relaxation rule for the User-Agent header field for IE/Safari?


Log entry looks like this:


...msg=SQL Keyword check failed for header User-Agent\="..like Gecko) Version/9.1 Safari/601.5.17(;)" 


It's also happening for IE, because of the "like" in the User-Agent. Of course "Check Request Headers" is set to True.










4 answers to this question




Did this too, still doesn't work. I had a similar issue earlier these days with an XSS relaxation rule - after I deployed the learned rule, it appeared again and again in the learned rules and couldn't (obviously) be deployed again because it was "already in use". I could get over it by using a lot of ^.*$. But that doesn't work for this specific User-Agent relaxation.


Seems like the AppFW sometimes doesn't understand its own "language"....


I am having the same problem with IE11 on Windows 7.  I have tried deploying the rules that the appfw learns, but it still blocks these requests.  I have tried adding various combinations of PCRE wildcards in all the fields available (URL, location, value etc).  None of them do what I want and the appfw still blocks these requests as being SQL injection attempts.


Surely there must be some documented solution to this, since IE11 is so common in the field.  Has anyone managed to solve it?


I am now trying an idea of using a rewrite policy to remove the User-Agent header altogether.  Has anyone had any success with this kind of idea?



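To make the false positive in this thread concrete, here is an added example (not part of the original posts and not the NetScaler AppFW implementation) that emulates a "SQL keyword" check over request headers with a per-header relaxation. The keyword list, the relaxation regex, and the sample User-Agent strings are constructed for illustration; the Safari and IE11 strings follow the shape of the log entry quoted in the question. It shows why "like Gecko" trips the check, why a relaxation scoped to the known browser User-Agent shape clears the legitimate requests, and why a blanket ^.*$ relaxation also clears a header value that really does carry SQL keywords.

```python
import re

# Constructed keyword list for this emulation; "like" is included because
# the thread's log entry shows the User-Agent check failing on it.
SQL_KEYWORDS = {"select", "insert", "update", "delete", "drop",
                "union", "where", "from", "like"}

# Constructed sample header values (shape taken from the quoted log entry).
SAFARI_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) "
             "AppleWebKit/601.6.17 (KHTML, like Gecko) Version/9.1.1 Safari/601.6.17")
IE11_UA = "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
# A header value that contains SQL keywords for reasons other than a browser build string.
HOSTILE_UA = "Mozilla/5.0 select password from users"

# Assumed relaxation: only skip the keyword check for a User-Agent that has the
# browser build-string shape in which "like Gecko" legitimately appears.
BROWSER_UA_RELAXATION = r"Mozilla/5\.0 \(.*\).*like Gecko.*"


def find_sql_keywords(value):
    """Return the SQL keywords (lower-case, sorted) that appear as whole words in value."""
    words = re.findall(r"[A-Za-z_]+", value)
    return sorted({w.lower() for w in words if w.lower() in SQL_KEYWORDS})


def check_request_headers(headers, relaxations):
    """Emulate a 'Check Request Headers' SQL keyword pass.

    headers:     dict of header name -> value
    relaxations: dict of lower-case header name -> regex; when the whole header
                 value matches the regex, the keyword check is skipped for it.
    Returns a list of (header name, keywords found) for each header that fails.
    """
    violations = []
    for name, value in headers.items():
        pattern = relaxations.get(name.lower())
        if pattern is not None and re.fullmatch(pattern, value):
            continue  # relaxed: this header value is trusted as-is
        keywords = find_sql_keywords(value)
        if keywords:
            violations.append((name, keywords))
    return violations


if __name__ == "__main__":
    request = {"Host": "example.com", "User-Agent": SAFARI_UA}
    print("no relaxation:   ", check_request_headers(request, {}))
    print("scoped relaxation:", check_request_headers(
        request, {"user-agent": BROWSER_UA_RELAXATION}))
    hostile = {"Host": "example.com", "User-Agent": HOSTILE_UA}
    print("hostile, scoped: ", check_request_headers(
        hostile, {"user-agent": BROWSER_UA_RELAXATION}))
    print("hostile, ^.*$:   ", check_request_headers(hostile, {"user-agent": r"^.*$"}))
```

The design point is the scope of the relaxation: a pattern anchored on the browser build-string shape clears the IE11 and Safari requests while a value such as HOSTILE_UA still fails the check, whereas a ^.*$ relaxation on the header turns the keyword check off for that header entirely. The same trade-off applies to the rewrite-policy idea above: dropping the User-Agent header removes the false positive, but it also removes the header from every log and rule that later wants to inspect it.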
