Developer forum

Forum » CMS - Standard features » SQL injection
Terri Donahue
Terri Donahue
Reply

Hi Team,

Is there a way to whitelist an IP while leaving the SQL injection ban in place? We are seeing instances where our clients IPs are getting blocked. The specific version I am looking into is 89.2.20. I know it is old, but we can't force people to move forward.

Thanks,
Terri


Replies

 
Nicolai Pedersen
Reply

There is no such thing. Only option is to disable sql injection checks or whitelist the field (form or querystring parameter) that causes the ban.

 
Terri Donahue
Terri Donahue
Reply

This seems to be the cause of the block: 

/Admin/Filemanager/Browser/FileList.aspx
CloseOnSelect=True&Folder=%2fImages%2fmedia_assets%2fproducts%2fproduct_images&Mode=browseArchive&BrowseFolder=&Caller=ProductImageSmall&FileManagerAllowedExtensions=

How would I exclude that query string so this doesn't happen again?

 
Nicolai Pedersen
Reply
This post has been marked as an answer

add CloseOnSelect to the list of ignore fields - see this:

https://doc.dynamicweb.com/documentation-8/platform/advanced-settings/web-and-http#2153

Votes for this answer: 1
 
Terri Donahue
Terri Donahue
Reply

Thanks as always Nicolai.

 

You must be logged in to post in the forum