What’s the best way to block SQL Injection attempts using User Agents in Azure Front Door?

My Azure Front Door detected the following as a suspicious User Agent:

Sample User Agents:

Mozilla/5.0+(X11;+U;+Linux+i686;+en-US;+rv:1.8.1.10)+Gecko/20071115+Firefox/2.0.0.10+(Debian-2.0.0.10-0etch1))+WHERE+2024=2024+OR+EXP(~(SELECT+*+FROM+(SELECT+CONCAT(0x716a6a6271,(SELECT+(ELT(7382=7382,1))),0x7170627a71,0x78))x))--+xgHc

Mozilla/5.0+(X11;+U;+Linux+i686;+en-US;+rv:1.8.1.10)+Gecko/20071115+Firefox/2.0.0.10+(Debian-2.0.0.10-0etch1))+WHERE+7294=7294+AND+7998+IN+(SELECT+(CHAR(113)+CHAR(106)+CHAR(106)+CHAR(98)+CHAR(113)+(SELECT+(CASE+WHEN+(7998=7998)+THEN+CHAR(49)+ELSE+CHAR(48)+END))+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(122)+CHAR(113)))--+zoFN

What is the best rule or custom rule that can be configured in Azure Front Door to prevent the above user agent attack?
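
A detection sketch for the kind of User-Agent values quoted in the question, added here as an example and not part of the original post: it normalizes the logged value (`+` standing for spaces) and reports which SQL-syntax indicators it contains. The indicator patterns, the names used and the two-indicator threshold are assumptions chosen for these samples, not an Azure Front Door rule set.

```python
import re
from urllib.parse import unquote_plus

# Indicator patterns are assumptions for this example, not an Azure rule set.
INDICATORS = {
    "tautology": re.compile(r"\b(\d+)\s*=\s*\1\b"),       # e.g. 2024=2024
    "sql_comment": re.compile(r"--(\s|$)"),                # trailing "-- "
    "subquery": re.compile(r"\(\s*select\b"),              # (SELECT ...
    "sql_function": re.compile(r"\b(concat|char|elt|exp)\s*\("),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{4,}\b"),
}
THRESHOLD = 2  # assumed: a single indicator alone is too weak to act on


def normalize(user_agent: str) -> str:
    """Decode '+' and %XX as logged, lowercase, collapse whitespace."""
    return " ".join(unquote_plus(user_agent).lower().split())


def indicators(user_agent: str) -> list:
    """Names of the indicators present, in the order defined above."""
    ua = normalize(user_agent)
    return [name for name, rx in INDICATORS.items() if rx.search(ua)]


def is_suspicious(user_agent: str) -> bool:
    return len(indicators(user_agent)) >= THRESHOLD


# The two values from the question, split where the browser string ends,
# plus one constructed benign value for contrast.
BROWSER = ("Mozilla/5.0+(X11;+U;+Linux+i686;+en-US;+rv:1.8.1.10)"
           "+Gecko/20071115+Firefox/2.0.0.10+(Debian-2.0.0.10-0etch1)")
UA_1 = BROWSER + (")+WHERE+2024=2024+OR+EXP(~(SELECT+*+FROM+(SELECT+CONCAT("
                  "0x716a6a6271,(SELECT+(ELT(7382=7382,1))),0x7170627a71,0x78))x))--+xgHc")
UA_2 = BROWSER + (")+WHERE+7294=7294+AND+7998+IN+(SELECT+(CHAR(113)+CHAR(106)"
                  "+CHAR(106)+CHAR(98)+CHAR(113)+(SELECT+(CASE+WHEN+(7998=7998)"
                  "+THEN+CHAR(49)+ELSE+CHAR(48)+END))+CHAR(113)+CHAR(112)+CHAR(98)"
                  "+CHAR(122)+CHAR(113)))--+zoFN")
UA_BENIGN = ("Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36"
             "+(KHTML,+like+Gecko)+Chrome/91.0.4472.124+Safari/537.36")  # constructed

if __name__ == "__main__":
    for ua in (UA_1, UA_2, UA_BENIGN):
        print(is_suspicious(ua), indicators(ua))
```

Requiring more than one indicator keeps an ordinary browser string, which contains parentheses and version numbers but no SQL syntax, from being flagged.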



Read more here: https://stackoverflow.com/questions/68463109/whats-the-best-way-to-block-sql-injection-attempts-using-user-agents-in-azure-f

Content Attribution

This content was originally published by Rod at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.
