Hi
After enabling managed rules, I mostly have “SQLi - String Concatenation” type attacks
I can’t find a precise explanation of what this represents in the Cloudflare documentation.
Can you tell me what kind of attack it is please?
THANKS
1 Like
Hi @milirose, maybe next time you ask a more detailed question, and this is probably what you mean
Expression:
(http.user_agent contains "Cyotek") or (http.user_agent contains "Python") or (http.user_agent contains "discord") or (http.user_agent eq "undifined") or (http.user_agent contains "Datanyze") or (http.user_agent contains "Paw/3.2") or (http.user_agent contains "HTTrack") or (http.user_agent contains "BUbiNG") or (http.user_agent eq ":") or (http.user_agent eq "\"") or (http.user_agent contains "RestSharp") or (http.user_agent contains "curl") or (http.referer contains "bxxs") or (http.user_agent contains "bxxs") or (http.user_agent contains "Acutenix") or (http.referer contains "Acutenix") or (http.user_agent contains "Nmap") or (http.user_agent eq "Ruby") or (http.user_agent contains "grub-client") or (http.user_agent contains "Jeeves") or (http.user_agent contains "Win95") or (http.user_agent contains "Java") or (http.user_agent contains "libwww") or (http.user_agent eq " Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.7) ") or (http.user_agent eq " Mozilla/5.0 (X11; CrOS x86_64 14989.11.0) ") or (http.user_agent eq " Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)") or (http.user_agent eq " Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info\\@netcraft.com)") or (http.user_agent contains " CheckHost") or (http.user_agent eq "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0") or (http.user_agent eq "CheckHost (https://check-host.net/)") or (http.user_agent eq "Mozilla/5.00 (Nikto/2.1.6)") or (http.request.uri.query contains "<script") or (http.request.uri.query contains "%3Cscript") or (http.request.uri.query contains "<?php") or (http.request.uri.query contains "$_REQUEST[") or (http.request.uri.query contains "$_POST") or (http.request.uri.query contains "cmd=") or (http.user_agent eq "Go-http-client/2.0") or (http.user_agent eq "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0\"") or (http.user_agent eq "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko") or (http.user_agent eq "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36") or (http.user_agent eq "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36") or (http.user_agent eq "") or (http.user_agent eq "winhttp") or (http.host eq "iplogger.org") or (http.host eq "iplogger.com") or (http.host contains "iplogger.org") or (http.host contains "iplogger.com") or (http.host in {"iplogger.org"}) or (http.request.uri.query eq "UNION%20SELECT") or (http.request.uri.query eq "SELECT%20FROM") or (http.request.uri.query eq "INSERT%20INTO") or (http.request.uri.query eq "UPDATE%20SET") or (http.request.uri.query eq "DELETE%20FROM")
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.