SQL Injection

matt.lintz · May 17, 2018, 9:51pm

I just started using Cloudflare last night and had thought that sql injection would be limited / caught but 99% of traffic was sql injection attacks. Not a worry as my code is good but I see none were stopped or show up in my analytics as a threat.

3100 request with variations like this and I’m assuming all from one IP at 2 to 3 requests per second

%27%29%29%29%20RLIKE%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29oYso%29%20AND%20%28%28%28%27beod%27%3D%27beod HTTP/1.1" 500 5114 “-” “Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; c .NET CLR 3.0.04506; .NET CLR 3.5.30707; InfoPath.1; el-GR)”

sdayman · May 17, 2018, 10:43pm

Judging from advertised features, only the Pro and above plans provide SQL injection protection through the Web Application Firewall (WAF).

Pro plan is $20/month with no commitment, so you can enable it for a month and see if that helps and then decide if it’s worth the $20/month.

matt.lintz · May 17, 2018, 10:58pm

Possibly but I read
At all levels - Block known malicious threats from accessing your site. Security levels are customizable site by site.

I would expect some sort of notification or blocking based on the number and pattern of request.

sdayman · May 17, 2018, 11:12pm

What Security Level (in the Firewall tab) do you have set for your site? I run “High” for my LAMP sites and haven’t received user complaints regarding access.

matt.lintz · May 17, 2018, 11:19pm

I did have it a low and will try higher but still think that the number of requests from a single ip for the time period should have shown up in my analytics as a possible threat

sdayman · May 17, 2018, 11:21pm

There’s also Rate Limiting…also under Firewall settings.

thedaveCA · May 18, 2018, 12:53am

There is no reason to think that such things would be a threat in the general sense, anyone hosting anything with an API behind Cloudflare would have similar patterns of legitimate traffic which should not be blocked or interfered with in Low mode.

matt.lintz · May 18, 2018, 1:12am

Sorry I disagree with the patterns I saw. A brief glance by anyone who looks at log files would see an attack

matt.lintz · May 18, 2018, 1:59am

And as I said earlier I’m not surprised they didn’t block them but I would expect my threat report to show them as threats or possible threats in my analytics.

system · May 31, 2018, 9:51pm

This topic was automatically closed after 14 days. New replies are no longer allowed.

Topic		Replies	Views
Preventing SQL Injections Security	5	1413	October 14, 2023
SQL Query Injection Security firewall	2	2622	April 12, 2018
Website Attack and SQL Injection Security	1	1997	July 31, 2020
Catching SQL Query Pattern using WAF Security	3	939	August 19, 2023
Cloudflare SQLinjection protection Security	3	6643	February 15, 2022

SQL Injection

Related topics