Is there any way to prevent sql injection attack?

Loveyou3000 146 Reputation points

As title said, I want to do this on IIS not application . Can IIS do this by adding some special setting or install any module?

Internet Information Services
0 comments No comments
{count} votes

Accepted answer
  1. Bruce Zhang-MSFT 3,736 Reputation points

    Hi @Loveyou3000 ,

    Yes, you can set it on IIS request filtering module. Please refer to this document.

          <filteringRule name="SQLInjection" scanUrl="false" scanQueryString="true">  
                <clear />  
                <add fileExtension=".asp" />  
                <add fileExtension=".aspx" />  
                <add fileExtension=".php" />  
                <clear />  
                <add string="--" />  
                <add string=";" />  
                <add string="/*" />  
                <add string="@" />  
                <add string="char" />  
                <add string="alter" />  
                <add string="begin" />  
                <add string="cast" />  
                <add string="create" />  
                <add string="cursor" />  
                <add string="declare" />  
                <add string="delete" />  
                <add string="drop" />  
                <add string="end" />  
                <add string="exec" />  
                <add string="fetch" />  
                <add string="insert" />  
                <add string="kill" />  
                <add string="open" />  
                <add string="select" />  
                <add string="sys" />  
                <add string="table" />  
                <add string="update" />  
                <clear />  

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,
    Bruce Zhang

0 additional answers

Sort by: Most helpful