HTML Command Injection Relaxation rule


Amin Eideh

Question

Greetings, had a URL behind the WAF, always getting blocked when uploading a file to a certain upload form.

The upload process keeps getting blocked by the command injection check

(the check is set to keywords and special characters)

ADM logs show me it blocked the request for the following keyword:

"Ls("%26;")" which is in field named "fielddata"

Been trying to set up a relaxation rule from the GUI on the same URL, with the same keyword, and it is still not working at all.

 

Much Regards

Amin Herbawi

7 answers to this question

Which security check is blocking this (your title says command injection), but is it command injection, SQL injection, signature, or other?

Review this in syslog instead of ADM for more details:

shell

cd /var/log

tail -f ns.log | grep APPFW

What relaxation field and URL values are you specifying, as it might just be defined wrong (improper regex or escape characters)?

Try enabling learning to see if the system can generate the relaxation for you if doing it manually isn't working.

2 hours ago, Carl Stalhood1709151912 said:

I think the Value Expression is regex. Do the parentheses need to be escaped? Try using a regex tester for your Value Expression with the string that the log is complaining about.

Let's forget the above keyword and assume the field input to be " ls;"

Even when trying to just relax this input by configuring a regex that is [a-z][a-z][^a-z], which matches this input, the relaxation rule still does not work.

I believe it is a bug to be honest.


Much Regards
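
The regex-tester check suggested in the thread, as an added example that is not part of any post: it compares a candidate Value Expression with the logged string in both its raw and percent-decoded forms. Python's `re` stands in for the appliance's regex engine, the function names are hypothetical, and whether the WAF evaluates the encoded or decoded value, or the whole value versus a substring, is an assumption to confirm against ns.log.

```python
import re
from urllib.parse import unquote

# Value exactly as quoted from the ADM log in the question (field "fielddata").
LOGGED_VALUE = 'Ls("%26;")'

def forms(value):
    """Raw value plus its percent-decoded form (%26 becomes &)."""
    return {"raw": value, "decoded": unquote(value)}

def check(expression, value):
    """Per form: 'full' (whole value), 'partial' (substring only) or 'none'."""
    pattern = re.compile(expression)
    result = {}
    for name, text in forms(value).items():
        if pattern.fullmatch(text):
            result[name] = "full"
        elif pattern.search(text):
            result[name] = "partial"
        else:
            result[name] = "none"
    return result

def literal_expression(value):
    """Escape regex metacharacters so the expression matches the value literally."""
    return re.escape(value)

if __name__ == "__main__":
    decoded = forms(LOGGED_VALUE)["decoded"]
    cases = [
        # (label, candidate expression, value it is tested against)
        ("pasted as-is", LOGGED_VALUE, LOGGED_VALUE),  # ( ) act as a group
        ("escaped, raw", literal_expression(LOGGED_VALUE), LOGGED_VALUE),
        ("escaped, decoded", literal_expression(decoded), LOGGED_VALUE),
        ("thread regex", "[a-z][a-z][^a-z]", " ls;"),  # leading space as posted
        ("thread regex", "[a-z][a-z][^a-z]", "ls;"),
    ]
    for label, expr, value in cases:
        print(f"{label:17} {expr!r:24} vs {value!r:14} -> {check(expr, value)}")
```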

 
