Posted On: Jul 26, 2022

AWS WAF now supports setting sensitivity levels for SQL injection (SQLi) rule statements, giving you greater control over how AWS WAF evaluates requests to your applications for SQLi attacks.

A SQLi attack involves inserting malicious SQL code into web requests to extract data from or cause harm to your database. AWS WAF offers a SQLi rule statement that detects SQLi signatures in the web request. Today, AWS WAF is introducing two sensitivity level settings for SQLi rules: HIGH and LOW. Sensitivity levels allow you to define how aggressively the SQLi rule statement is enforced. All existing SQLi rule statements will default to LOW sensitivity, so your existing rule evaluation logic does not change. The HIGH setting uses additional SQLi signatures to detect more SQLi attacks and is the recommended setting. Note that with HIGH sensitivity, WAF blocks SQLi patterns more aggressively, which can generate more false positives; review sampled requests and logs after enabling it.

You can start using SQLi sensitivity levels by creating a new rule, or configuring an existing rule, in the custom rule creation wizard and selecting a sensitivity level. When a request is evaluated by the SQLi rule, AWS WAF applies the SQLi rule according to the sensitivity level you configured. WAF logs now also include a ‘sensitivitylevel’ field for easier identification and tracking. AWS WAF uses web ACL capacity units (WCUs) to measure the operating resources required to run your rules. High-sensitivity SQLi rules consume 30 WCUs, while low-sensitivity SQLi rules continue to consume 20 WCUs. There is no additional cost for using the sensitivity level setting on SQLi rules, but standard service charges for AWS WAF still apply.
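The following is an added example, not code from this announcement or from AWS. It builds two WAFv2 SQLi rule definitions (LOW beside the recommended HIGH), estimates their combined base WCU cost from the 20/30 figures above, and tallies blocked requests per sensitivity level from a few constructed WAF log records. The rule shape follows the WAFv2 API field `SqliMatchStatement.SensitivityLevel`; the log layout used here (a `sensitivityLevel` key inside `terminatingRuleMatchDetails`) and the sample records are assumptions made for illustration, and the WCU estimate ignores the separate cost of text transformations.

```python
"""Added example (not AWS's own code): AWS WAFv2 SQLi rules at LOW and HIGH
sensitivity, a base-WCU estimate from the announcement's figures, and a tally
of blocks per sensitivity level from constructed WAF log lines."""
import json
from collections import Counter

# Base WCU figures stated in the announcement (LOW 20, HIGH 30). Real WAF
# capacity accounting also charges for text transformations; this estimate
# deliberately ignores that (simplifying assumption).
WCU_BY_SENSITIVITY = {"LOW": 20, "HIGH": 30}


def sqli_rule(name, priority, sensitivity="HIGH", field_to_match=None):
    """Return a WAFv2 Rule dict whose statement is a SqliMatchStatement.

    sensitivity must be "LOW" or "HIGH"; field_to_match defaults to the
    request body.
    """
    if sensitivity not in WCU_BY_SENSITIVITY:
        raise ValueError("sensitivity must be LOW or HIGH")
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {
            "SqliMatchStatement": {
                "FieldToMatch": field_to_match or {"Body": {}},
                # Decode URL-encoded content before signature matching.
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}],
                "SensitivityLevel": sensitivity,
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def estimate_wcus(rules):
    """Sum the base WCU cost of the SQLi rules in `rules` (non-SQLi rules skipped)."""
    total = 0
    for rule in rules:
        stmt = rule["Statement"].get("SqliMatchStatement")
        if stmt is None:
            continue
        total += WCU_BY_SENSITIVITY[stmt.get("SensitivityLevel", "LOW")]
    return total


def count_blocks_by_sensitivity(log_lines):
    """Count BLOCK actions per sensitivity level over JSON WAF log records.

    Assumes the sensitivity level is reported per matched condition under
    terminatingRuleMatchDetails (assumption about the log layout).
    """
    counts = Counter()
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("action") != "BLOCK":
            continue
        for detail in rec.get("terminatingRuleMatchDetails", []):
            if detail.get("conditionType") == "SQL_INJECTION":
                counts[detail.get("sensitivityLevel", "LOW")] += 1
    return dict(counts)


# Constructed sample log records (not real WAF output).
SAMPLE_LOG_LINES = [
    json.dumps({"action": "BLOCK", "terminatingRuleId": "sqli-high",
                "terminatingRuleMatchDetails": [
                    {"conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH",
                     "location": "BODY"}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "terminatingRuleMatchDetails": []}),
    json.dumps({"action": "BLOCK", "terminatingRuleId": "sqli-low",
                "terminatingRuleMatchDetails": [
                    {"conditionType": "SQL_INJECTION", "sensitivityLevel": "LOW",
                     "location": "QUERY_STRING"}]}),
    json.dumps({"action": "BLOCK", "terminatingRuleId": "sqli-high",
                "terminatingRuleMatchDetails": [
                    {"conditionType": "SQL_INJECTION", "sensitivityLevel": "HIGH",
                     "location": "HEADER"}]}),
]


if __name__ == "__main__":
    rules = [sqli_rule("sqli-low", 0, "LOW"), sqli_rule("sqli-high", 1, "HIGH")]
    print(json.dumps(rules, indent=2))
    print("base WCUs:", estimate_wcus(rules))
    print("blocks by sensitivity:", count_blocks_by_sensitivity(SAMPLE_LOG_LINES))
```

Running the two rules side by side for a period and comparing the per-level block counts is a practical way to gauge how many additional requests HIGH would stop before switching an existing LOW rule over.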

You can start using sensitivity levels for SQLi rules in all regions and for all supported services, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync. AWS WAF is a web application firewall that helps protect your web application or API from common web exploits and malicious bots. For detailed information, see the AWS WAF developer documentation. See the AWS WAF Pricing page for pricing details. AWS Firewall Manager is a security management service that enables you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. Firewall Manager supports configuring sensitivity levels for SQL injection rules.