• Resolved ewerkstatt

    (@ewerkstatt)


    Currently every time after the editor does a search for words containing German umlauts in his website, he is locked out from access. Reason (according to log-files): SQL-injection.

    We would need to switch to another firewall, as the editor says he cannot work anymore in his website that way.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter ewerkstatt

    (@ewerkstatt)

    The log file reports something like:

    cpg=https://[domain]/?s=s%C3%BCdafrika

    This seems to trigger the denial of access due to “SQL-Injection”.

    Plugin Author nintechnet

    (@nintechnet)

    Can you paste here the exact log line showing the blocked request (or a screenshot of it), as I can’t think of anything that would trigger a “SQL injection” rule because of umlauts. ?s=s%C3%BCdafrika isn’t blocked by the firewall.

    Thread Starter ewerkstatt

    (@ewerkstatt)

    20/Feb/24 16:31:28 #3763586 HIGH 257 xx.yy.zz.xxx GET /index.php - SQL injection - [COOKIE:sbjs_session = pgs=2|||cpg=https://[domain]/?s=s%C3%BCdafrikaner] - [domain]

    Rule number 257. Meanwhile I have disabled that rule and hope it works for the editors.

    In the line I removed only IP address and the domain.

    peter78

    (@mocsarip)

    Same problem here! Hungarian language.

    28/Feb/24 08:16:00 #5208340 HIGH 257 ***.***.***.*** GET /index.php - SQL injection - [COOKIE:sbjs_session = pgs=7|||cpg=https://www.********.hu/?s=s%C3%A1rk&post_type=product] - www..********.hu
    Plugin Author nintechnet

    (@nintechnet)

    A new set of rules (2024-02-28.2) was released today that should fix the issue: go to “NinjaFirewall > Security Rules” and click “Check for updates now”.

    peter78

    (@mocsarip)

    Yes, the issue is fixed, thank you!

    Thread Starter ewerkstatt

    (@ewerkstatt)

    Thank you. I reactivated that rule. Let’s see what’s going on now.

  • The topic ‘Access denied after search’ is closed to new replies.
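
Both log lines posted in this thread name the `sbjs_session` cookie, not the `?s=` query parameter, as the input that matched rule 257. The following is an added example, not code from NinjaFirewall or from any poster: it groups blocked requests by rule and matched input so a false positive like this one can be narrowed down before a rule is disabled. The field layout in the regular expression is an assumption inferred from those two log lines.

```python
import re
from urllib.parse import unquote

# Field layout inferred from the two log lines quoted in this thread
# (an assumption, not the firewall's documented log format).
LOG_RE = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+) #(?P<incident>\d+) (?P<level>\S+) '
    r'(?P<rule>\d+) (?P<ip>\S+) (?P<method>\S+) (?P<script>\S+) - '
    r'(?P<reason>.+?) - \[(?P<source>[A-Z]+):(?P<name>[^\s=]+) = '
    r'(?P<value>.*)\] - (?P<host>\S+)$'
)

# Log lines as posted in the thread (IP and domain already redacted by the posters).
SAMPLE = [
    '20/Feb/24 16:31:28 #3763586 HIGH 257 xx.yy.zz.xxx GET /index.php - SQL injection - [COOKIE:sbjs_session = pgs=2|||cpg=https://[domain]/?s=s%C3%BCdafrikaner] - [domain]',
    '28/Feb/24 08:16:00 #5208340 HIGH 257 ***.***.***.*** GET /index.php - SQL injection - [COOKIE:sbjs_session = pgs=7|||cpg=https://www.********.hu/?s=s%C3%A1rk&post_type=product] - www..********.hu',
]

def parse_line(line):
    """Return the fields of one blocked-request line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec['rule'] = int(rec['rule'])
    # Percent-decode the matched value so non-ASCII characters become visible.
    rec['decoded'] = unquote(rec['value'])
    return rec

def triage(lines):
    """Group hits by (rule id, input source, input name) and count non-ASCII values."""
    groups = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a blocked-request line in the assumed layout
        key = (rec['rule'], rec['source'], rec['name'])
        g = groups.setdefault(key, {'count': 0, 'non_ascii': 0, 'samples': []})
        g['count'] += 1
        if any(ord(c) > 127 for c in rec['decoded']):
            g['non_ascii'] += 1
        g['samples'].append(rec['decoded'])
    return groups

if __name__ == '__main__':
    for key, g in triage(SAMPLE).items():
        print(key, g['count'], 'hits,', g['non_ascii'], 'with non-ASCII text')
```

A group where every hit comes from the same cookie and every decoded value contains non-ASCII text, as here, is worth reporting to the rule maintainer with the exact log line.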