[9.200-11][ANSWERED] Websites blocked by SQL Injection filter

Hi,

I just updated from 9.109 to 9.200-11 but unless I disable the SQL injection check on the web application firewall, most published websites have pages that are being blocked and users get a 403 error. With 9.109 this worked perfectly fine with the SQL filter enabled.

Any idea?

Franc.

Parents

0 FrancWest over 11 years ago

although I've disabled SQL injection attacks in the profile I still see 403 Access Denied errors in the logs. With 9.1 I never had 403 Access Denied errors. What do we have to do that our websites can be visited again without these errors except for completely disabling the commong threats filter? Is there a way to fine tune this? When looking at the top rules in the report I see many of these (63.13% of all occurences):

960015 Request Missing an Accept Header 1 565 38.46 363 63.13
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 FrancWest over 11 years ago

although I've disabled SQL injection attacks in the profile I still see 403 Access Denied errors in the logs. With 9.1 I never had 403 Access Denied errors. What do we have to do that our websites can be visited again without these errors except for completely disabling the commong threats filter? Is there a way to fine tune this? When looking at the top rules in the report I see many of these (63.13% of all occurences):

960015 Request Missing an Accept Header 1 565 38.46 363 63.13
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data