In my usecase i have implemented SQL Threat Protection as mentioned in
and its working as expected.But is there a way to Protect all my header parameters from SQL threat instead of going with specific header param? as like protecting the URI using (request.uri)
Any idea @Anil Sagar , @Mukundha Madhavan
Solved! Go to Solution.
@maivizhi, No, this is not possible. One has to specify specific header for SQL threat protection. Note that comparison between request.uri and request.header may not be correct as request.header represents an array e.g. request.header.{header_name} while request.uri is a variable.
More importantly, I don't think, one need SQL injection protection against all http headers. Http headers like Cookie, User-Agent, Referer and Host need protection for such attack. It may be wastage of CPU cycles by comparing against all headers.
@maivizhi, No, this is not possible. One has to specify specific header for SQL threat protection. Note that comparison between request.uri and request.header may not be correct as request.header represents an array e.g. request.header.{header_name} while request.uri is a variable.
More importantly, I don't think, one need SQL injection protection against all http headers. Http headers like Cookie, User-Agent, Referer and Host need protection for such attack. It may be wastage of CPU cycles by comparing against all headers.
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |