Forum Discussion

Cirrocumulus

Aug 04, 2025

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Hi Team , can someone explain me the attack type - end-quote UNION and the solution to allow this signature to specific url/uri/parameter only. Attack Type : SQL-Injection Detect...

Nacreous

Aug 04, 2025

You got this because the world UNION detected between quotes

Union is an SQL command so it match the signature

If you click the Accept button an exception will be automatically be created for the specific parameter.

Else you can manually create one under Security → Application Security → Parameters select you policy and create a parameter
Therre you can define the parameter name, the url and the attack signature you want to exclude.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

expandsSubcollections and filtering in F5 SDK

Building new F5 replica

F5 upgrades

R2600 device and tenant/partition configuration

Dnssec deployment

Related Content

What really breaks the "end-to-end nature of the Internet"

"end" Prompt in CLI

HTTPS true "End to End" encryption

uri blocking using negative "not end with"?

Want to remove "/" at the end of uri

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS