False SQL Injection attack



The web application firewall is treating the following string insertion as a SQL Injection Attack:

in ( what the fxxk ) “0”

Which I do not agree as we can have any variation of the string with the combination of ‘in’, ‘()’ & “”
Anyway to fix this?


You can search for the Rule ID in your WAF rules and disable it if it isn’t appropriate for your site.