This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF falsely blocking umlaut as SQL injection attack

Dear Sophos Community,

Our Sophos SG230 is working like a charm except this one bug we encountered lately troubleshooting a user trying to send a mail to a specific recipient.

What had happened?

The user was using our Webmail-Service, which is located behind the SG230's web application firewall. The filter is set to block SQL injection attacks.
This combined with a german umlaut (ä in this case) caused the WAF to reject the HTTP-request with a 403-error and logging a SQL injection attack.

Using no umlaut in the recipient field solved the issue. Disabling the SQL injection filter also solved the issue.

For now we are good disabling the filter. However it would be nice to file a bug regarding this and see a fix in an upcoming release.

The device is up-to-date and we were able to replicate the issue on other machines.

Please advise on how to file a report. Logfiles, etc. can be provided if needed.

Thank you and cheers,

Tim

This thread was automatically locked due to age.

0 Jaydeep over 5 years ago

Hi Tim Carow

Would you please create a case with Sophos Support? It will help them take this to developers to notify the issue. Please DM me the case number so I can post here the relevant progress of the case.

Regards

Jaydeep
Cancel
Vote Up 0 Vote Down

Cancel