Developer forum

Forum » Swift » Search string is banning IP at DK

Search string is banning IP at DK

George Jaros

We had a client that reported an issue with a customer getting a 403 error and then not being able to access the site.  They were entering a value into a form that turned out was getting their IP banned, I'm guessing because it was being falsely flagged as a SQL injection attack.  We have been able to replicate this by searching for the value that they had entered.

This is the value that was being passed by the form that also results in getting banned when searched:  

4601 CVR 36'' x 96'' US26d'’ MLRXLM

There are several issues with this search phrase, including the right single quote mark (hex character 0x92) included after the apostraophe after US26d, plus the person using two apostrophes to search for inches instead of a double quote.  After a bit of trial and error and testing I found that the cause of the flag is having two single quotes (apostrophes) followed by any text and then a third single quote (apostrophe) in the search term.  So something like this also causes the ban:





36'' x 96''

However, these don't cause the ban:



Is this something that can be handled since they are legitimate (if poorly formed) search terms and not SQL injection attacks?  Or do we just have to tell the client that their customer entered invalid characters that were flagged as a security risk and hope they can educate their users better?


George Jaros

For some reason this also results in getting banned:

4601 CVR 36" x 96" US26d MLRXLM

Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen

Hi George

There are some complicated rules related to the scanning - you can see in monitoring which rule it was (hard to read as it is regex) and can be tested on i.e. why.

But you can mark the name of the field on the whitelist in security:


You must be logged in to post in the forum