Deny Rule Group – (default) SQL Injection (SQLi) in Header Value

SQLI_HEADER_VALUE

  • The group contains SQL injection deny rules for header values.
  • The security level Basic prevents injection of new SQL statements (e.g. ; DROP TABLE) and set operations (e.g. UNION SELECT).
  • The security level Standard further prevents injection of SQL sub queries and SQL expressions in single quote context (e.g. ' or 1=1--).
  • The security level Strict further prevents SQLi in unquoted context (e.g. 1 or 1).

Included Deny Rules

| Rule name | Basic | Standard | Strict |
|---|---|---|---|
| (default SQL_001b) Expression in unquoted context in HTTP header value | | | ON |
| (default SQL_005b) Expression in quoted context in HTTP header value | | ON | ON |
| (default SQL_020b) Statement in C style comment tag in HTTP header value | ON | ON | ON |
| (default SQL_025b) New statement in unquoted context in HTTP header value | | ON | ON |
| (default SQL_030b) New statement in quoted context in HTTP header value | ON | ON | ON |
| (default SQL_040b) Sub query in bracket context in HTTP header value | | | ON |
| (default SQL_045b) Sub query in HTTP header value | | ON | ON |
| (default SQL_050b) Condition elimination in unquoted context in HTTP header value | | | ON |
| (default SQL_055b) Condition elimination in quoted context in HTTP header value | | ON | ON |
| (default SQL_060b) Set operator in HTTP header value | ON | ON | ON |
| (default SQL_065b) Special SQL keywords | | ON | ON |
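
An added example, not part of the product documentation and not the rule group's actual patterns: a Python illustration of how the cumulative security levels widen what is denied in header values, run over the sample strings from the level descriptions. The regexes, header names, labels and `blocked_by` are assumptions made for this illustration.

```python
import re

LEVELS = {"basic": 1, "standard": 2, "strict": 3}

# Stand-in patterns (assumptions), not the product's SQL_0xxb rules.
# Each entry: (lowest level that enables it, label, regex).
RULES = [
    (1, "new statement", re.compile(r";\s*(drop|insert|update|delete)\b", re.I)),
    (1, "set operator", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    (2, "sub query", re.compile(r"\(\s*select\b", re.I)),
    (2, "expression, quoted context",
     re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I)),
    (3, "expression, unquoted context",
     re.compile(r"\b\d+\s+(or|and)\s+\d+\b", re.I)),
]

# Constructed request headers; names and values are made up for this example.
SAMPLE_HEADERS = {
    "X-Order-Id": "42; DROP TABLE t",
    "X-Search": "x UNION SELECT a FROM t",
    "X-User": "' or 1=1--",
    "X-Page": "1 or 1",
    "X-Note": "pick 1 or 2",            # benign, yet matched at strict
    "Accept-Language": "en-US,en;q=0.9",
}


def blocked_by(headers, level):
    """Return (header name, rule label) pairs denied at the given level.

    Levels are cumulative: a rule enabled at a lower level stays enabled
    at every higher one.
    """
    active = LEVELS[level]
    hits = []
    for name, value in headers.items():
        for min_level, label, pattern in RULES:
            if min_level <= active and pattern.search(value):
                hits.append((name, label))
    return hits


if __name__ == "__main__":
    for level in LEVELS:
        print(level, blocked_by(SAMPLE_HEADERS, level))
```

With these stand-in patterns the benign `X-Note` value is denied only at strict, which is the kind of match to look for in the logs before enabling unquoted-context rules on headers that carry free text.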