
WAF unexpected block SQL injection


Claudio Campioni

Question

 

We enabled WAF engine in our Citrix ADC VPX. In particular we need your assistance for HTML SQL injection.

Some URLs are blocked by WAF because

1- they contain following character -> '

2- they contain string GROUP or AND etc.

We don't want to block those URLs. How can we enable these strings or characters without decreasing the WAF security level?

Thank you


1 answer to this question


You should have a specific field or header causing the violation. You can use learning to create a relaxation (exemption) for that field or header and that combo (or a granular exception) which exempts a sub pattern.

 

Syslog should have a record of the violation and the exact URL field or header where the violation is seen.

Use learning to exempt the field or header from the SQL injection protection (either completely) or a specific pattern while protecting it from everything else.

All non-exempted fields are still fully protected.

 

Syslog:

shell

cd /var/log

tail -F /var/log/ns.log | grep APPFW

 

 

Link to comment
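
Added example, not part of the original answer or Citrix's own tooling: a Python script that tallies APPFW_SQL violations per profile, URL path and field, so the field that needs a relaxation stands out. The log layout, the regex and the sample lines are assumptions constructed for illustration; compare them with the entries in your own ns.log first.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines modelled on native-format APPFW entries in ns.log.
# The exact layout is an assumption; adjust the regex to what your log shows.
SAMPLE_LOG = """\
Mar  3 10:15:02 <local0.info> 192.0.2.10 03/03/2024:10:15:02 GMT ns 0-PPE-0 : default APPFW APPFW_SQL 1201 0 : 198.51.100.7 311-PPE0 - prof_shop http://shop.example.test/search?q=O%27Brien SQL Special Character check failed for field q="'" <blocked>
Mar  3 10:15:40 <local0.info> 192.0.2.10 03/03/2024:10:15:40 GMT ns 0-PPE-0 : default APPFW APPFW_SQL 1202 0 : 198.51.100.8 312-PPE0 - prof_shop http://shop.example.test/search?q=group%3B SQL Keyword check failed for field q="group(;)" <blocked>
Mar  3 10:16:05 <local0.info> 192.0.2.10 03/03/2024:10:16:05 GMT ns 0-PPE-0 : default APPFW APPFW_STARTURL 1203 0 : 198.51.100.9 313-PPE0 - prof_shop http://shop.example.test/admin Disallow Illegal URL. <blocked>
Mar  3 10:17:11 <local0.info> 192.0.2.10 03/03/2024:10:17:11 GMT ns 0-PPE-0 : default APPFW APPFW_SQL 1204 0 : 198.51.100.7 314-PPE0 - prof_shop http://shop.example.test/search?q=it%27s SQL Special Character check failed for field q="'" <blocked>
Mar  3 10:18:30 <local0.info> 192.0.2.10 03/03/2024:10:18:30 GMT ns 0-PPE-0 : default APPFW APPFW_SQL 1205 0 : 198.51.100.3 315-PPE0 - prof_shop http://shop.example.test/login?user=x SQL Keyword check failed for field user="select(;)" <blocked>
"""

# Captures profile, request URL, which SQL check fired, the field and the action.
VIOLATION = re.compile(
    r'APPFW APPFW_SQL .*? (?P<profile>\S+) (?P<url>https?://\S+) '
    r'(?P<kind>SQL [A-Za-z ]+?) check failed for field '
    r'(?P<field>[^=\s]+)="(?P<value>[^"]*)" <(?P<action>[^>]+)>'
)

def relaxation_candidates(log_text):
    """Count SQL violations per (profile, URL path, field, check kind)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = VIOLATION.search(line)
        if not m:
            continue  # other APPFW checks or unrelated syslog lines
        # Group by path so varying query strings do not split the count.
        path = urlsplit(m["url"]).path
        hits[(m["profile"], path, m["field"], m["kind"])] += 1
    return hits

if __name__ == "__main__":
    for (profile, path, field, kind), n in relaxation_candidates(SAMPLE_LOG).most_common():
        print(f"{n:3d}  profile={profile}  url={path}  field={field}  check={kind}")
```

A high count on one field is only a starting point: review the logged values before exempting it, since a hit such as the constructed `select(;)` on a login field is the kind of request the check is meant to stop.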
