AnsweredAssumed Answered

R80.10 Security Gatway IPS detects SQLi but not command injection

Question asked by tom barat on May 30, 2018
Latest reply on Jun 5, 2018 by Günther W. Albrecht

Hi,

 

I have a vulnerable web server behind a R80.10 Security gateway. I activated a strict IPS profile on the gateway.

 

When i use a machine in front of the firewall module to make simple attacks on the web server the FW properly detects and blocks SQLi attempts, but not command injection such as inserting " ;ls " in a field.

 

This behavior is exactly the same for https and http traffic.

 

Is there a specific feature to enable or specific configuration for the firewall to be able to block command injection attacks ?

 

Thank you in advance.

Outcomes