False SQL Injection attack


The web application firewall is treating the following string insertion as a SQL Injection Attack:

in ( what the fxxk ) “0”

Which I do not agree as we can have any variation of the string with the combination of ‘in’, ‘()’ & “”
Anyway to fix this?


You can search for the Rule ID in your WAF rules and disable it if it isn’t appropriate for your site.

1 Like
closed #3

This topic was automatically closed after 30 days. New replies are no longer allowed.