Forum Discussion

Rod_Carvallo_13's avatar
Rod_Carvallo_13
Icon for Nimbostratus rankNimbostratus
Aug 13, 2013

Blocking of SQL Injection with F5 LTM 2000 and ASM module

Hi, I have a requirement to block known SQL injections for a hosted environment.

 

Will an F5 LTM 2000 and ASM module upgrade perform this basic functionality out of the box or with very minimal configuration (example: Tickbox to block known SQL exploits)

 

2 Replies

  • uni's avatar
    uni
    Icon for Altostratus rankAltostratus

    You can't just tick the box. You need to create a virtual server and related pool and profiles, then create an ASM policy to apply to it. That policy can have all tests disabled except the SQL injection if you wish.

     

  • Provided you have all of the traffic handling elements created, configuring the ASM to protect your application from SQL Injection is really just a matter of making sure that you have the correct attack signature set assigned (which flavor of SQL do you need to protect? MS-SQL or MySQL for example) to your security policy.

     

    You'll need to look a the different methods for creating security policies to see which one works best for your environment.