Sql Injection Attack - Magento 2.3.5

Hi Team,

I am running Magento hosted on AWS and currently under a heavy SQL injection attack. I can see the queries in the Search Terms. Can you please advise how exactly can I set firewall rules to block this attack. Thank you

Are you on a Free or Paid Cloudflare plan?

As I do not know exactly how much things I would need to setup at my host/origin, while already using Security Level “Medium” at Cloudflare and Bot Fight Mode enabled, so I use Cloudflare Pro Plan which offers me Managed Rules where I can there select rules to protect Magento and some other like OWASP, SQL injections, PHP, etc., which you can turn on with just a click:

Probbably, using some regex (requires Paid plan) for “union, select, concat, globals, request, base64, etc.” but I do not know, so easier for me to use Cloudflare WAF on Pro plan :wink:

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.