SQL Injection Threat Protection at Header

In my usecase i have implemented SQL Threat Protection as mentioned in

https://community.apigee.com/content/kbentry/18428/tutorial-how-to-protect-your-microservices-apis-f...

and its working as expected.But is there a way to Protect all my header parameters from SQL threat instead of going with specific header param? as like protecting the URI using (request.uri)

Any idea @Anil Sagar , @Mukundha Madhavan

Solved Solved
0 1 688
1 ACCEPTED SOLUTION

Not applicable

@maivizhi, No, this is not possible. One has to specify specific header for SQL threat protection. Note that comparison between request.uri and request.header may not be correct as request.header represents an array e.g. request.header.{header_name} while request.uri is a variable.

More importantly, I don't think, one need SQL injection protection against all http headers. Http headers like Cookie, User-Agent, Referer and Host need protection for such attack. It may be wastage of CPU cycles by comparing against all headers.

View solution in original post

1 REPLY 1

Not applicable

@maivizhi, No, this is not possible. One has to specify specific header for SQL threat protection. Note that comparison between request.uri and request.header may not be correct as request.header represents an array e.g. request.header.{header_name} while request.uri is a variable.

More importantly, I don't think, one need SQL injection protection against all http headers. Http headers like Cookie, User-Agent, Referer and Host need protection for such attack. It may be wastage of CPU cycles by comparing against all headers.