Troubleshooting
Problem
The DataPower SQL injection filter rejects requests that it considers likely to alter a back-end SQL query, typically with the goal of extracting sensitive data. It does this by rejecting any request whose content matches one of its patterns, including bare SQL keywords. That protects against a real threat, but it can also reject valid requests that happen to contain SQL keywords as ordinary data. A service that must accept some requests containing SQL keywords while still rejecting others needs a processing policy customized for that service's traffic; the default filter is a starting point, not a drop-in fit for every data set.
Symptom
A request like the one below, which carries the state abbreviation for Oregon, "OR", in the state field, will by design be rejected by the SQL injection filter, because OR is an SQL keyword. (The prefixes and closing tags below have been made consistent with the declared sim namespace so the envelope is well-formed XML.)
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:sim="http://www.example.org/SimpleSOAP/">
<soapenv:Header/>
<soapenv:Body>
<sim:sayHello>
<sim:city>Portland</sim:city>
<!-- "OR" is a legitimate state code here, but it is also an SQL keyword -->
<sim:state>OR</sim:state>
</sim:sayHello>
</soapenv:Body>
</soapenv:Envelope>
The DataPower log will include some or all of the following messages, depending on the log level configured:
| Category | Level | Message |
| --- | --- | --- |
| xmlparse | debug | Parsing document: 'store:///SQL-Injection-Patterns.xml' |
| xmlparse | debug | Finished parsing: store:///SQL-Injection-Patterns.xml |
| xmlfilter | info | Reject set: Message contains restricted content |
| xsltmsg | error | ***SQL INJECTION FILTER***: Message from x.xx.xxx.xxx contains possible SQL Injection Attack of type 'SQL Keyword Injection' Offending content: 'OR'. Full Message: |
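The following is an added example, not DataPower's own filter stylesheet or the contents of store:///SQL-Injection-Patterns.xml (which is not reproduced here). It models the behaviour described above in plain Python: a stock keyword check that rejects the Oregon request, a customized policy that exempts the state element only while its value matches the two-letter shape the service expects, and the tempting shortcut of simply dropping OR and AND from the keyword list, which lets a tautology payload through. The keyword list, element allowlist and both sample messages are constructed assumptions for the example.

```python
import re
import xml.etree.ElementTree as ET

SIM_NS = "http://www.example.org/SimpleSOAP/"

# Constructed sample: the Oregon request from this technote, made well-formed.
OREGON_REQUEST = """<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:sim="http://www.example.org/SimpleSOAP/">
  <soapenv:Header/>
  <soapenv:Body>
    <sim:sayHello>
      <sim:city>Portland</sim:city>
      <sim:state>OR</sim:state>
    </sim:sayHello>
  </soapenv:Body>
</soapenv:Envelope>"""

# Constructed sample: the same operation carrying a tautology payload in the state field.
ATTACK_REQUEST = OREGON_REQUEST.replace(
    "<sim:state>OR</sim:state>", "<sim:state>OR' OR '1'='1</sim:state>")

# Assumed keyword list: a small stand-in for the real SQL-Injection-Patterns.xml.
SQL_KEYWORDS = ["SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "UNION", "EXEC", "OR", "AND"]


def keyword_regex(keywords):
    """Whole-word, case-insensitive match of any keyword (so 'Portland' is not hit by AND)."""
    return re.compile(r"\b(" + "|".join(map(re.escape, keywords)) + r")\b", re.IGNORECASE)


def text_nodes(xml_text):
    """Yield (Clark-notation tag, text) for every element carrying non-blank text."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    for elem in root.iter():
        if elem.text and elem.text.strip():
            yield elem.tag, elem.text.strip()


def default_filter(xml_text, keywords=SQL_KEYWORDS):
    """Stock behaviour: any bare SQL keyword in any element text rejects the message."""
    pattern = keyword_regex(keywords)
    for tag, text in text_nodes(xml_text):
        hit = pattern.search(text)
        if hit:
            return {"verdict": "reject", "element": tag, "offending": hit.group(1)}
    return {"verdict": "accept"}


# Assumed per-service allowlist: elements that legitimately carry values colliding with
# keywords, each bound to the exact shape the business expects (two uppercase letters here).
EXPECTED_SHAPES = {f"{{{SIM_NS}}}state": re.compile(r"^[A-Z]{2}$")}


def customized_filter(xml_text, keywords=SQL_KEYWORDS, shapes=EXPECTED_SHAPES):
    """Customized policy: an allowlisted element passes only while its value matches its
    expected shape; everything else is still subject to the full keyword check."""
    pattern = keyword_regex(keywords)
    for tag, text in text_nodes(xml_text):
        shape = shapes.get(tag)
        if shape is not None and shape.fullmatch(text):
            continue  # "OR" in <state> is a state code, not a boolean operator
        hit = pattern.search(text)
        if hit:
            return {"verdict": "reject", "element": tag, "offending": hit.group(1)}
    return {"verdict": "accept"}


def weakened_filter(xml_text):
    """The tempting shortcut: drop OR and AND from the keyword list for the whole service."""
    return default_filter(xml_text, [k for k in SQL_KEYWORDS if k not in ("OR", "AND")])


if __name__ == "__main__":
    for name, req in (("oregon", OREGON_REQUEST), ("attack", ATTACK_REQUEST)):
        print(name, "default:   ", default_filter(req))
        print(name, "customized:", customized_filter(req))
        print(name, "weakened:  ", weakened_filter(req))
```

The point of the comparison is the last function: removing the colliding keyword globally makes the Oregon request pass, but it also passes the tautology payload, because the filter no longer has anything to match in `OR' OR '1'='1`. Scoping the exemption to one element and to the exact value shape that element is allowed to carry keeps the keyword check in force everywhere else, including in that same element when its value stops looking like a state code. In a DataPower processing policy the equivalent is to run the SQL injection filter after validating or transforming the exempt fields, or to supply a pattern file specific to that service, rather than to disable the keyword outright.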
Document Information
Modified date: 13 August 2020
UID: swg21444739