Menu

Topic-icon Not Understanding Why These are Being Captured

  • worksmart
  • worksmart's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 2 days ago #8564 by worksmart
Can you explain to me why the entries on the attached are being captured.  As I look at them they seem to be valid, especially the recapture response.  Have been getting a few of these lately and not sure if they should be blocked.
Thanks
Attachments:

Please Log in or Create an account to join the conversation.

More
3 weeks 2 days ago #8565 by Jose
Hi worksmart,

Yes, both queries are valid. The 'line comments' and 'using integers' filters (into SQL injection tab) can give you many false positives as are used to detect rare attacks with a syntax that could also come from a valid query.

So add the involved extensions as exceptions or enable the 'Easy config' feature from main panel of Securitycheck Pro.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • worksmart
  • worksmart's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 2 days ago #8566 by worksmart
Replied by worksmart on topic Not Understanding Why These are Being Captured
I do have Easy config on. Where do I add these exceptions?
Thanks!

Please Log in or Create an account to join the conversation.

More
3 weeks 2 days ago #8567 by Jose
Umm, it's odd. For some reason it's not applied; disable and enable it again. You should see a '*' into waf configuration -> filter exceptions -> SQL injection tab -> 'using integers' and 'line comments' filters.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • worksmart
  • worksmart's Avatar Topic Author
  • Offline
  • New Member
  • New Member
More
3 weeks 2 days ago #8568 by worksmart
Replied by worksmart on topic Not Understanding Why These are Being Captured
Turning it on and then off worked. We have been running security pro since before you had easy config and turned it on as soon as you had implemented it. Maybe way back then some things weren't set. Will do this for all my sites.
Thanks so much and have a great weekend.

Please Log in or Create an account to join the conversation.

More
3 weeks 2 days ago #8569 by Jose
You're welcome worksmart!

Some users reported default values in config after some time; I think it's an issue related with adding IPs to blacklist or whitelist as I store them into the same database entry that I use to store config.

I will change this in the next version so every list will have its own database entry and I will also add some extra checks to avoid overwriting the config if for some reason there is an issue.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.088 seconds
Powered by Kunena Forum

Login or Sign In