Java Form to PostgreSQL triggering firewall

Possibly a bit too advanced for here, but has anyone any experience of HTML/Java forms that submit to a database (in this case PostgreSQL)? We're getting a lot of triggers on the WAF with OWASP policies applied. There's been some tuning, but still, simple free-form text boxes get blocked, things like " UPDATE number to 07888554443"

It's clearly seeing it as SQLi but I mean come on, surely the WAF isn't that stupid?
 
Hi guys, thanks for responses. This is all Azure based, a static web front end webapp which fires off Java to client-side check and submit to the PostgreSQL DB in Azure. This is behind a private endpoint, and a web application firewall.

The example above:

07555555555 update in your records please

Will trigger the WAF policy and stop the field being updated.
 