Prevent tc-sqli-3 event from firing when using the # character in a SQL Server query value

We are seeing the tc-sqli-3 rule being activated when values that contain the # character are being sent to the database. The tc-sqli-3 rule is correctly identifying the # character as a comment starter for MySQL, but misidentifying this as a comment starter for SQL Server. Is there a way to suppress this rule (as it relates to the # character) for environments that use SQL Server?

Hey Eric - we do not currently have a way to suppress a rule/pattern (in this case tc-sqli-3) for a specific character (like #) or for specific environments (like those using SQL Server). The best path forward here would be to disable monitoring for the tc-sqli-3 pattern for those environments that are leveraging SQL Server. This can be done in AppFW configuration settings in the Monitor section.

If you would still like to block on that pattern id but not have it recognize # characters, you could create a custom regex (a feature found in the Advanced Rule section) in AppFW --> Blocking which is identical to the tc-sqli-3 pattern but simply removes the # character from the regex.

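As an added example (not code from the thread or from the AppFW product), the Python check below models why the rule fires on SQL Server values: the two comment-starter patterns are constructed simplifications standing in for tc-sqli-3, whose real regex is not shown here, and the sample request values are made up.

```python
import re

# Constructed, simplified stand-ins for a SQLi comment-starter pattern.
# They are NOT the real tc-sqli-3 regex; they only show why '#' is a
# false positive when the backend is SQL Server rather than MySQL.
COMMENT_STARTERS = {
    # MySQL treats '#', '-- ' and '/*' as comment introducers.
    "mysql": re.compile(r"(#|--\s|/\*)"),
    # SQL Server (T-SQL) recognises only '--' and '/*'; '#' is ordinary
    # data there (temp-table names, free text such as 'Ticket #42').
    "sqlserver": re.compile(r"(--\s|/\*)"),
}

def comment_starter_hits(value: str, dialect: str) -> list[str]:
    """Return the comment-starter tokens found in one request value."""
    return [m.group(1) for m in COMMENT_STARTERS[dialect].finditer(value)]

def is_false_positive(value: str) -> bool:
    """True when the MySQL-oriented pattern fires but the SQL Server one does not."""
    return bool(comment_starter_hits(value, "mysql")) and not comment_starter_hits(value, "sqlserver")

# Constructed sample request values, as a WAF would see them.
SAMPLE_VALUES = [
    "Ticket #42 reopened",   # benign on SQL Server, flagged by the MySQL-style rule
    "Order #12 and #13",     # benign on SQL Server
    "x' -- ",                # comment sequence recognised by both dialects
    "x'/*",                  # recognised by both dialects
    "plain text",            # neither
]

def triage(values: list[str]) -> dict[str, str]:
    """Classify each value as 'false_positive', 'hit' or 'clean' for a SQL Server backend."""
    verdicts = {}
    for v in values:
        if is_false_positive(v):
            verdicts[v] = "false_positive"
        elif comment_starter_hits(v, "sqlserver"):
            verdicts[v] = "hit"
        else:
            verdicts[v] = "clean"
    return verdicts

if __name__ == "__main__":
    for value, verdict in triage(SAMPLE_VALUES).items():
        print(f"{verdict:15s} {value!r}")
```

The dialect-specific pattern is the same idea as the custom regex suggested above: drop '#' from the alternation and the SQL Server values stop matching while the '--' and '/*' cases still do.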