SQLI_HEADER_VALUE
- The group contains SQL injection deny rules for header values.
- The security level Basic prevents injection of new SQL statements (e.g. ; DROP TABLE) and set operations (e.g. UNION SELECT).
- The security level Standard further prevents injection of SQL sub queries and SQL expressions in single quote context (e.g. ' or 1=1--).
- The security level Strict further prevents SQLi in unquoted context (e.g. 1 or 1).
Included Deny Rules
Rule name | Legacy | Basic | Standard | Strict |
(default SQL_001b) Expression in unquoted context in HTTP header value | | | | |
(default SQL_005b) Expression in quoted context in HTTP header value | | | | |
(default SQL_020b) Statement in C style comment tag in HTTP header value | | | | |
(default SQL_025b) New statement in unquoted context in HTTP header value | | | | |
(default SQL_030b) New statement in quoted context in HTTP header value | | | | |
(default SQL_040b) Sub query in bracket context in HTTP header value | | | | |
(default SQL_045b) Sub query in HTTP header value | | | | |
(default SQL_050b) Condition elimination in unquoted context in HTTP header value | | | | |
(default SQL_055b) Condition elimination in quoted context in HTTP header value | | | | |
(default SQL_060b) Set operator in HTTP header value | | | | |
(default SQL_065b) Special SQL keywords | | | | |