Can you explain to me why the entries on the attached are being captured. As I look at them they seem to be valid, especially the recapture response. Have been getting a few of these lately and not sure if they should be blocked.
Yes, both queries are valid. The 'line comments' and 'using integers' filters (into SQL injection tab) can give you many false positives as are used to detect rare attacks with a syntax that could also come from a valid query.
So add the involved extensions as exceptions or enable the 'Easy config' feature from main panel of Securitycheck Pro.
Umm, it's odd. For some reason it's not applied; disable and enable it again. You should see a '*' into waf configuration -> filter exceptions -> SQL injection tab -> 'using integers' and 'line comments' filters.
Turning it on and then off worked. We have been running security pro since before you had easy config and turned it on as soon as you had implemented it. Maybe way back then some things weren't set. Will do this for all my sites.
Thanks so much and have a great weekend.
Some users reported default values in config after some time; I think it's an issue related with adding IPs to blacklist or whitelist as I store them into the same database entry that I use to store config.
I will change this in the next version so every list will have its own database entry and I will also add some extra checks to avoid overwriting the config if for some reason there is an issue.