SQL Injection

What It Means

This request attempted to exfiltrate or manipulate data from your application by injecting SQL commands into input fields, URL parameters, or other request data.

Why It Matters

SQL injection is one of the most critical web application vulnerabilities. A successful attack can expose your entire database — user credentials, personal information, payment data — or allow an attacker to modify or delete records. It is consistently ranked as a top web application security risk.

Common Triggers

Requests containing SQL keywords and syntax in form fields (e.g., ' OR 1=1--), URL parameters with database query fragments, or encoded SQL statements in POST data. Automated scanners test for SQL injection vulnerabilities across every input your application accepts.

What To Do

These blocks are almost always legitimate threat detection. If a block is affecting real users, check whether your application sends SQL-like syntax in normal requests (such as search queries containing words like “SELECT” or “DROP”) and use Path Allowlisting to exempt those specific endpoints.