We help IT Professionals succeed at work.

Prevent SQL Injection with iptables

376 Views
Last Modified: 2018-09-08
Hi Experts.

I'm setting up iptables for a system so I want to ask if there is any rule/module that can prevent SQL Injection on iptables.

Thanks for reading this.
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Usually iptables has to use snort or something like that to detect signatures.

to prevent SQL injection, your code is a far better mechanism to address that.

i.e. make sure you are not passing form data directly to the sql server.

Check if there are articles on this issue at EE.
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The above deals with aURL encoded (GET request)
A post request could still go through.

Best to safeguard your system, is to make sure the code in use is not suseptible to SQL injection.
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
agree secure coding and OWASP has good reference on it. Build different layer of defence starting from the code level into the web appl, and to the host OS (host defence like iptables), into web server (with WAF like mod sec) and at the network perimeter facing external network with WAF as it is app aware type of FW - not only SQLi but also others mentioned in OWASP like XSS etc.

Author

Commented:
Thank you for the instructions above, i'm really appreciate it.

Sincerely.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.