Forum management
- Threads started by me
- Threads I participate in

Developer forum

SQL injection

Terri Donahue

Posted on 22/10/2019 19:24:16

Hi Team,

Is there a way to whitelist an IP while leaving the SQL injection ban in place? We are seeing instances where our clients IPs are getting blocked. The specific version I am looking into is 89.2.20. I know it is old, but we can't force people to move forward.

Thanks,
Terri

Replies

Nicolai Pedersen

Posted on 23/10/2019 10:21:55

There is no such thing. Only option is to disable sql injection checks or whitelist the field (form or querystring parameter) that causes the ban.

Terri Donahue

Posted on 23/10/2019 14:32:44

This seems to be the cause of the block:

/Admin/Filemanager/Browser/FileList.aspx

CloseOnSelect=True&Folder=%2fImages%2fmedia_assets%2fproducts%2fproduct_images&Mode=browseArchive&BrowseFolder=&Caller=ProductImageSmall&FileManagerAllowedExtensions=

How would I exclude that query string so this doesn't happen again?

Nicolai Pedersen

Posted on 23/10/2019 16:27:09

This post has been marked as an answer

add CloseOnSelect to the list of ignore fields - see this:

https://doc.dynamicweb.com/documentation-8/platform/advanced-settings/web-and-http#2153

Votes for this answer: 1

Terri Donahue

Posted on 23/10/2019 16:42:29

Thanks as always Nicolai.

You must be logged in to post in the forum