How to enable Web Application Firewall to block SQL injection requests in an emergency?

To enable a Web Application Firewall (WAF) to block SQL injection requests in an emergency, follow these steps:

  1. Activate WAF: If not already enabled, quickly activate the WAF service for your web application. For example, on Tencent Cloud, you can use the Tencent Cloud WAF service to deploy protection in minutes.

  2. Configure SQL Injection Rules:

    • Access the WAF console and navigate to the Security Policy or Protection Rules section.
    • Enable predefined SQL Injection (SQLi) rules or create custom rules to detect and block malicious SQL patterns.
    • Set the action to "Block" for any detected SQLi attempts.

  3. Emergency Mode (If Available):

    • Some WAFs offer an emergency mode or strict mode that aggressively blocks suspicious traffic. Enable this if the attack is severe.

  4. Test & Monitor:

    • After enabling, test with harmless SQL-like requests to ensure blocking works.
    • Monitor logs in real-time (e.g., Tencent Cloud WAF’s Attack Logs) to verify blocked attempts.

Example:
If your website (example.com) is under SQLi attack, log in to Tencent Cloud WAF, create a rule to block payloads like ' OR '1'='1, and apply it to your domain. Traffic matching this pattern will be blocked instantly.
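
The check in step 4 can be scripted so it is repeatable after every rule change. The following is an added example, not Tencent Cloud code: it sends one benign request and the pattern quoted above to a site you operate, then reports whether the probe was blocked and whether normal traffic still passes (relevant after enabling a strict mode). The `q` parameter, the `/search` path, the 403 block status and the offline `stub_site` stand-in are assumptions.

```python
import urllib.error
import urllib.parse
import urllib.request

PROBE = "' OR '1'='1"      # the pattern quoted in the example on this page
BENIGN = "blue widgets"    # constructed harmless value for the baseline
BLOCK_STATUSES = {403}     # assumption: set to what your WAF returns on block


def http_status(url, timeout=5):
    """Real transport: GET the URL and return the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code


def verify_waf(base_url, param="q", fetch=http_status):
    """Send a benign baseline and the probe; report how each was handled."""
    def send(value):
        return fetch(base_url + "?" + urllib.parse.urlencode({param: value}))
    benign, probe = send(BENIGN), send(PROBE)
    result = {"benign_status": benign, "probe_status": probe,
              "probe_blocked": probe in BLOCK_STATUSES,
              "benign_allowed": benign not in BLOCK_STATUSES}
    if not result["probe_blocked"]:
        result["verdict"] = "FAIL: probe not blocked (rule off or action not Block)"
    elif not result["benign_allowed"]:
        result["verdict"] = "FAIL: rule too broad, normal traffic is blocked"
    else:
        result["verdict"] = "OK"
    return result


def stub_site(waf_on):
    """Constructed stand-in for a protected site, so the demo runs offline."""
    def fetch(url):
        query = urllib.parse.unquote_plus(urllib.parse.urlparse(url).query)
        return 403 if waf_on and "' or '1'='1" in query.lower() else 200
    return fetch


if __name__ == "__main__":
    # Drop the fetch= argument to run the same check against your own domain.
    for label, on in (("rule active", True), ("rule missing", False)):
        print(label, verify_waf("https://example.com/search", fetch=stub_site(on)))
```

A passing result here only confirms that this one pattern is blocked at the WAF; the Attack Logs should show a matching entry for the probe request.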

For immediate deployment, Tencent Cloud WAF supports auto-protection for common web vulnerabilities, including SQLi, with minimal configuration.