Developer forum

Forum » Ecommerce - Standard features » Using scanner-app for input to search leads to injection ban

Using scanner-app for input to search leads to injection ban

E-mail notifications
Lauritz Holtze Dynamicweb Employee
Lauritz Holtze
Reply
Posted on 18/11/2024 14:42:05

Hi,

I have a customer where some customers are using a scanner for input/search to products. This often leads to an injection ban and their IP being blocked to DW. Is there a way to prevent this, but still keep injection security?

 

Latest example:

**HIDDEN IP*;2024-11-09T10:53:37;Injection ban: Match on QueryString eq (((\%2f|\%47|/)(\%2a|\%42|\).(\%2a|\%42|\*)(\%2f|\%47|/)))

Is there anything we can do in the security settings to allow this but still evade attempted injections? 

 

Thanks a lot!


Replies

 
Nuno Aguiar Dynamicweb Employee
Nuno Aguiar
Posted on 18/11/2024 15:09:07
Reply
This post has been marked as an answer

Hi Lauritz

 

Add q,eq to the ignored fields in Security

 

That will exclude those querystring parameters (the free text search used in Swift) to be excluded from the IP Banner.

 

Best Regards,

Nuno Aguiar

Votes for this answer: 1
 
Lauritz Holtze Dynamicweb Employee
Lauritz Holtze
Posted on 19/11/2024 15:17:38
Reply

Hi Nuno!

Thanks a lot! I'll test this!

 

You must be logged in to post in the forum