WAF - pdf file upload triggers SQL Injection

Hi all,
Very occasionally, uploading a PDF file to our web site triggers the WAF rule for SQL injection and stops the upload.

Any ideas on a fix?

It actually stopped the upload? That log entry said Log/Simulate.

I believe you can add a Firewall Rule for that URL with a Bypass of the WAF.

Hi @chris54, as @sdayman mentioned, can you confirm if the request was blocked? From the screenshot you provided it appears that it was only logged.

As to why that rule is being logged in the first place, this is a bug whose fix is rolling out these next few days.

Hi guys, sdayman is correct: the upload is stopped by a “Challenge” due to “Inbound Anomaly Score Exceeded”, perhaps from the SQL Injection rules being triggered?
Here is a picture.

You can check the “Additional logs” section of that event to see which rules are triggering for the request.

Not only are the PDF files triggering the rule “Detects chained SQL injection attempts”, but uploading a photo with a mobile app to webAPI also triggered the rule…

Ahh - OK “Additional Logs”. Thanks mdemoura. Here is one…