Ban on SQLi despite PreventSQLi is set to detect

4 February 2017, 14:42

We recognize some strange behaviour when it comes to SQLi. We have set PreventSQLi to detect (for obvious reasons, like you mentioned in the man page), and according to the manual it should only log and not react. But for some reason, e.g. uploading a picture causes a log entry AND a ban. Moreover, the ban is not logged anywhere. The SQLi is logged as expected into exploit.log. Setting PreventSQLi to no solves this, but this should not be the expected behaviour?!

If this is a misunderstanding of the manual, please ignore this.

4 February 2017, 16:35
I have config settings: PreventSQLi = no
and I get: SQL Injection Detected.
I can't post an article on my wordpress because of this.
although previously uploading 3 pictures was successful.
Hugo Leisink
5 February 2017, 10:05
Change line 643 of src/target.c to
if (session->host->prevent_sqli != p_no) {

Note that the banning is not set via the PreventSQLi option, but via the BanOnSQLi setting.