Block cross-site scripting (XSS) and SQL injection attacks with Next Generation Firewall
- Article Number: 000010101
- Products: Next Generation Firewall (NGFW)
- Version: 6.8, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.9, 5.8, 5.7, 5.10
- Last Published Date: September 14, 2020
Problem Description
Block cross-site scripting (XSS) and SQL injection attacks with Forcepoint Next Generation Firewall |
Resolution
Note TLS inspection must be configured to implement protection for attacks performed in TLS/SSL encrypted connections such as HTTPS. For more information on configuring this, please see the Setting Up TLS Inspection section in the Next Generation Firewall product guide that matches your release. To block SQL injection and XSS attacks:
Note The Situation cell contains the traffic patterns that you want the rule to match. The Situation cell accepts Situation, Situation Type, Tag, and Vulnerability elements. Because we used the Vulnerability elements in the rules, if there are any new SQL injection or XSS situations in new update packages then those will be automatically included in these rules as the new situations would be included in the used vulnerabilities.
Note The situations included in the SQL-Injection and the HTTP-Possible-Cross-Site-Scripting vulnerability are not terminated by default in the inspection policy templates because they may create false positives in some environments.
When terminating SQL Injection or XSS situations, to avoid false positives in other traffic, the exception rules in inspection policy should be limited so the destination includes only your protected servers. To ensure there are no unacceptable false positives in your environment, you can first Permit them and set the logging option to Stored, with excerpt and payload. If there are matches to these situations, the payload excerpt and other information about matching connections and packets are then visible in the details of that log entry. This way, if matches are determined to be false positives, exceptions can be made for those sources or destinations.
Keywords: ngfw; block cross-site; script; xss; sql injection; attacks; tls; ssl; https |
Article Feedback
Want 24/7 Tech Support?
Learn more