Link to home
Start Free TrialLog in
Avatar of ldvhai

asked on

Prevent SQL Injection with iptables

Hi Experts.

I'm setting up iptables for a system so I want to ask if there is any rule/module that can prevent SQL Injection on iptables.

Thanks for reading this.
Avatar of arnold
Flag of United States of America image

Usually iptables has to use snort or something like that to detect signatures.

to prevent SQL injection, your code is a far better mechanism to address that.

i.e. make sure you are not passing form data directly to the sql server.

Check if there are articles on this issue at EE.
Avatar of btan

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The above deals with aURL encoded (GET request)
A post request could still go through.

Best to safeguard your system, is to make sure the code in use is not suseptible to SQL injection.
Avatar of btan

agree secure coding and OWASP has good reference on it. Build different layer of defence starting from the code level into the web appl, and to the host OS (host defence like iptables), into web server (with WAF like mod sec) and at the network perimeter facing external network with WAF as it is app aware type of FW - not only SQLi but also others mentioned in OWASP like XSS etc.
Avatar of ldvhai


Thank you for the instructions above, i'm really appreciate it.