{ "id": "api/rest-query-parameter-sql-injection-blocked", "signature": "400 Bad Request: Query parameter contains blocked SQL keywords", "signature_zh": "400 错误请求:查询参数包含被屏蔽的 SQL 关键字", "regex": "Query parameter contains blocked SQL keywords|SQL injection pattern detected|blocked.*SQL", "domain": "api", "category": "security_error", "subcategory": null, "root_cause": "API gateway or WAF (Web Application Firewall) flagged a query parameter value as containing SQL injection patterns (e.g., SELECT, DROP, UNION) and rejected the request.", "root_cause_type": "generic", "root_cause_zh": "API 网关或 WAF(Web 应用防火墙)将查询参数值标记为包含 SQL 注入模式(例如 SELECT、DROP、UNION)并拒绝了该请求。", "versions": [ { "version": "AWS WAF 2024", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Cloudflare WAF 2023", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Kong Gateway 3.5", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "nginx ModSecurity 3.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "Modern WAFs decode URL-encoded payloads before inspection; double encoding may work temporarily but is often patched quickly and violates API standards.", "fail_rate": 0.85, "condition": "", "sources": [] }, { "action": "", "why_fails": "This removes critical security protection, making the API vulnerable to actual SQL injection attacks; not recommended for production.", "fail_rate": 0.95, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Use POST requests with JSON body instead of GET with query parameters for search/filter endpoints that accept user input that may contain SQL keywords. This moves the payload out of the URL where WAF rules are typically less aggressive.", "success_rate": 0.9, "how": "Use POST requests with JSON body instead of GET with query parameters for search/filter endpoints that accept user input that may contain SQL keywords. This moves the payload out of the URL where WAF rules are typically less aggressive.", "condition": "", "sources": [] }, { "action": "Add a WAF exception rule for the specific parameter name (e.g., 'search' or 'query') if the parameter is known to accept arbitrary text that may include SQL-like patterns as legitimate data (e.g., a code search tool).", "success_rate": 0.85, "how": "Add a WAF exception rule for the specific parameter name (e.g., 'search' or 'query') if the parameter is known to accept arbitrary text that may include SQL-like patterns as legitimate data (e.g., a code search tool).", "condition": "", "sources": [] } ], "workarounds_zh": [ "对于接受可能包含 SQL 关键字的用户输入的搜索/过滤端点,使用 POST 请求加 JSON 体代替 GET 加查询参数。这将负载移出 URL,WAF 规则通常对请求体不那么激进。", "如果某个参数(如 'search' 或 'query')已知会接受可能包含类似 SQL 模式的任意文本作为合法数据(例如代码搜索工具),则为该特定参数名称添加 WAF 例外规则。" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-whitelist.html", "official_doc_section": null, "error_code": null, "verification_tier": "ai_generated", "confidence": 0.86, "fix_success_rate": 0.88, "resolvable": "true", "first_seen": "2024-01-08", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }