SQL Threat Detector Policy rule

This rule protects APIs against SQL injection attacks by detecting SQL commands in headers, paths, queries, and payloads.

Protects against SQL commands injected into the header, path, query, and payload of incoming HTTP requests. Malicious requests can carry commands such as CREATE TABLE and DROP TABLE that trigger unwanted modifications or denial of service (DoS) in backend databases. This rule uses regular expressions (regex) to identify SQL commands, SQL elements, quoted strings, and characters that do not conform to normal database input, and blocks the potentially harmful requests before they are executed.

Rule execution order

This SQL Validator rule executes after the request has been authenticated.

If the request includes one of the specified SQL commands in the query string, header, or path, the requestor receives a Validation failed error. If the request doesn't include one of the specified SQL commands, the system applies the next rule or starts processing the request.

Field: When this rule should be applied
Description: An expression that defines one or more conditions that must be true for the rule to execute.
Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Field: Threat Detection Regex
Description: The regular expression used to detect SQL threats. The default expression works as is. You can append entries, re-order them, or replace the expression with your own. Entries are separated by "|", and each default entry is wrapped in ".*" so it matches anywhere in the inspected value.
Default value: .*'.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|.*CREATE DATABASE.*|.*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|.*CREATE TABLE.*|.*CREATE VIEW.*|.*DELETE.*|.*DROP DATABASE.*|.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.*
Example entries:
  .*'.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|.*CREATE DATABASE.*|.*CREATE PROCEDURE
  1 and 1
  [^A-Za-z0-9\s]+

Field: Description
Description: Protects against SQL command injection in the header, path, query, and payload of incoming HTTP requests.
Default value: Requests are being checked for SQL injection attempts
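The following is an added example, not code from the gateway product this page documents: a small Python model of how the rule above evaluates a request. It flattens the path, query, headers and payload into inspectable strings, applies each "|"-separated entry of the Threat Detection Regex, honours a "when this rule should be applied" condition, and shows the effect of appending one of the page's example entries. The request shape, the decoding step, the case-sensitive matching and the sample requests are assumptions made for the example.

```python
import re
from typing import Any, Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, unquote

# The page's default Threat Detection Regex. Each entry is wrapped in ".*" in
# the form the page's own example shows (.*ALTER.*).
DEFAULT_THREAT_REGEX = (
    r".*'.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|.*CREATE DATABASE.*|"
    r".*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|.*CREATE TABLE.*|.*CREATE VIEW.*|"
    r".*DELETE.*|.*DROP DATABASE.*|.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.*"
)

Request = Dict[str, Any]      # assumed shape: method, path, query, headers, body
Match = Tuple[str, str, str]  # (location, inspected text, entry that matched)


def split_alternatives(expression: str) -> List[re.Pattern]:
    """Compile each top-level "|" entry on its own so a finding can name the
    entry that fired. Assumption: no entry contains a literal "|" (true of
    every entry on the page). Matching is case-sensitive as written; the
    page does not state whether the gateway adds flags."""
    return [re.compile(alt) for alt in expression.split("|") if alt]


def request_components(request: Request) -> List[Tuple[str, str]]:
    """Flatten a request into the (location, text) pairs the rule inspects:
    path, each query parameter, each header, and the payload. Path and query
    are percent-decoded first (assumption: the gateway inspects decoded
    values, which is what the backend database would receive)."""
    parts = [("path", unquote(str(request["path"])))]
    for name, value in parse_qsl(str(request.get("query", "")), keep_blank_values=True):
        parts.append((f"query:{name}", f"{name}={value}"))
    for name, value in dict(request.get("headers", {})).items():
        parts.append((f"header:{name}", f"{name}: {value}"))
    body = request.get("body")
    if body:
        parts.append(("payload", str(body)))
    return parts


def sql_threat_detector(request: Request,
                        threat_regex: str = DEFAULT_THREAT_REGEX,
                        applies_when: Callable[[Request], bool] = lambda r: True) -> Dict[str, Any]:
    """Evaluate the rule on one request. applies_when stands in for the
    "When this rule should be applied" expression. Returns "skipped" when the
    condition is false, "Validation failed" when any inspected component
    matches an entry, and "passed" otherwise, plus the matches found."""
    if not applies_when(request):
        return {"result": "skipped", "matches": []}
    entries = split_alternatives(threat_regex)
    matches: List[Match] = []
    for location, text in request_components(request):
        for entry in entries:
            if entry.search(text):
                matches.append((location, text, entry.pattern))
                break  # one finding per component is enough to fail validation
    return {"result": "Validation failed" if matches else "passed", "matches": matches}


def post_only(request: Request) -> bool:
    """The page's example condition: request.method == "POST"."""
    return request["method"] == "POST"


# Constructed sample requests (not from the page).
CLEAN_POST: Request = {"method": "POST", "path": "/api/users", "query": "id=7",
                       "headers": {"Content-Type": "application/json"},
                       "body": '{"name": "Alice"}'}
DDL_IN_QUERY: Request = {"method": "GET", "path": "/api/users",
                         "query": "q=DROP%20TABLE%20users", "headers": {}, "body": ""}
APOSTROPHE_NAME: Request = {"method": "POST", "path": "/api/users", "query": "",
                            "headers": {}, "body": '{"name": "O\'Brien"}'}
TAUTOLOGY_QUERY: Request = {"method": "GET", "path": "/api/items",
                            "query": "id=1 and 1", "headers": {}, "body": ""}

if __name__ == "__main__":
    for label, req in [("clean", CLEAN_POST), ("ddl", DDL_IN_QUERY),
                       ("apostrophe", APOSTROPHE_NAME)]:
        print(label, sql_threat_detector(req))
    # With the POST-only condition the GET carrying DDL is never inspected.
    print("ddl, POST-only rule:", sql_threat_detector(DDL_IN_QUERY, applies_when=post_only))
    # Appending the page's example entry "1 and 1" changes the outcome.
    extended = DEFAULT_THREAT_REGEX + "|1 and 1"
    print("tautology, default:", sql_threat_detector(TAUTOLOGY_QUERY)["result"])
    print("tautology, extended:", sql_threat_detector(TAUTOLOGY_QUERY, extended)["result"])
```

Two things the run makes visible that the field descriptions alone do not: the `.*'.*` entry fails any payload containing an apostrophe, so legitimate values such as a surname with an apostrophe are rejected and need handling in the backend or a tightened entry; and a rule condition restricted to POST leaves GET requests uninspected, so the condition should be chosen from the methods the backend actually passes to the database.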