SQL Injection Filter

Detects and blocks SQL injection patterns in requests.

Use the SQL Injection Filter policy to detect potentially harmful SQL expressions and block requests that include unsafe input.

For descriptions of the policy parameters, see the DataPower Nano Gateway documentation.

Example of a SQL Injection Filter policy in code view.

kind: SQLInjectionFilter
apiVersion: api.ibm.com/beta
metadata:
  name: sqlInjectionFilter
  namespace: security
  version: 1.0
spec:
  filterOn: "body" # Options: "body" (default) | "uri" | "bodyAndUri" 
  injectionRules:
    predefined:
      - "likeMatch"
      - "escapeSequence"
      - "keywordInjection"
      - "mSSQLCommands"
      - "metacharacters"
      - "oracleBufferOverflow"
      - "commands"
      - "simpleMetacharacters"
      - "orAndAttack"
    custom:
      - "my-filter-1" # name of the custom injection rule; the corresponding regex must be supplied to the gateway via the admin view (APIM)
      - "my-filter-2"
  message: "request"
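
The effect of the filterOn scope, shown as an added example (not IBM's code and not the gateway's implementation): a simplified Python model in which the regex behind "my-filter-1", the percent-decoding of the query string, and the sample request are all constructed assumptions. The same request passes under "body" (the default) and is blocked under "uri" or "bodyAndUri".

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed custom rule: the name mirrors "my-filter-1" from the policy above;
# the regex is an assumption (the real one is supplied through the admin view).
CUSTOM_RULES = {
    "my-filter-1": re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.IGNORECASE),
}

VALID_SCOPES = ("body", "uri", "bodyAndUri")


def inspected_parts(filter_on, uri, body):
    """Return the (label, text) pairs that a given filterOn value covers."""
    if filter_on not in VALID_SCOPES:
        raise ValueError(f"filterOn must be one of {VALID_SCOPES}, got {filter_on!r}")
    parts = []
    if filter_on in ("body", "bodyAndUri"):
        parts.append(("body", body))
    if filter_on in ("uri", "bodyAndUri"):
        # Assumption: the query string is percent-decoded before matching.
        parts.append(("uri", unquote_plus(urlsplit(uri).query)))
    return parts


def evaluate(filter_on, uri, body, rules=CUSTOM_RULES):
    """Return a list of (part, rule_name) hits; an empty list means the request passes."""
    hits = []
    for label, text in inspected_parts(filter_on, uri, body):
        for name, pattern in rules.items():
            if pattern.search(text):
                hits.append((label, name))
    return hits


# Constructed sample request: benign JSON body, suspicious value in the query string.
SAMPLE_URI = "/orders?customer=42%27%20OR%201%3D1"
SAMPLE_BODY = '{"note": "deliver after 5pm"}'

if __name__ == "__main__":
    for scope in VALID_SCOPES:
        hits = evaluate(scope, SAMPLE_URI, SAMPLE_BODY)
        print(f"filterOn={scope:<11} -> {'block' if hits else 'pass'} {hits}")
```

If an API accepts user input in query parameters, a policy left at the default "body" scope does not inspect that input in this model; "bodyAndUri" covers both parts.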