Start Free Trial
Come for the solution, stay for everything else.
Start Free Trial
Prevent SQL Injection with iptables
I'm setting up iptables for a system so I want to ask if there is any rule/module that can prevent SQL Injection on iptables.
Thanks for reading this.
8/22/2022 - Mon
Usually iptables has to use snort or something like that to detect signatures.
to prevent SQL injection, your code is a far better mechanism to address that.
i.e. make sure you are not passing form data directly to the sql server.
Check if there are articles on this issue at EE.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today
7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
The above deals with aURL encoded (GET request)
A post request could still go through.
Best to safeguard your system, is to make sure the code in use is not suseptible to SQL injection.
agree secure coding and OWASP has good reference on it. Build different layer of defence starting from the code level into the web appl, and to the host OS (host defence like iptables), into web server (with WAF like mod sec) and at the network perimeter facing external network with WAF as it is app aware type of FW - not only SQLi but also others mentioned in OWASP like XSS etc.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
Thank you for the instructions above, i'm really appreciate it.
Plans and Pricing
Certified Expert Program
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent