Forum Discussion

Vivek_Padale_16's avatar
Vivek_Padale_16
Icon for Nimbostratus rankNimbostratus
Jul 30, 2014

Disabling SQL injection and XML Tagging for a specific URL

Hello Everyone,

 

I want to disable SQL injection and XML Tagging attack for this url:-

 

"http://mybase.com/users/profile".

 

So is there any iRule for disabling SQL injection and XML tagging for the above URL.

 

Thanks.

 

3 Replies

  • I would recommend F5's ASM module to handle this, assuming the application/website cannot be fixed to address the problem. Escaping input at the app level works a lot better than pattern matching at the network level.
  • Vivek, could you stick to your initial post please ? i provided you with an answer here for SQL injection unnblock: https://devcentral.f5.com/questions/irule-for-asmanswer100884

     

    next step for you is to identify the attack type form XML tagging and add it with a or in the matching condition.

     

    thanks.