Blocking of SQL Injection with F5 LTM 2000 and ASM module

Question

Hi,
I have a requirement to block known SQL injections for a hosted environment.&nbsp;
Will an F5 LTM 2000 and ASM module upgrade perform this basic functionality out of the box or with very minimal configuration (example: Tickbox to block known SQL exploits)&nbsp;

uni · Answer

You can't just tick the box. You need to create a virtual server and related pool and profiles, then create an ASM policy to apply to it. That policy can have all tests disabled except the SQL injection if you wish.

rob_carr · Answer

Provided you have all of the traffic handling elements created, configuring the ASM to protect your application from SQL Injection is really just a matter of making sure that you have the correct attack signature set assigned (which flavor of SQL do you need to protect?  MS-SQL or MySQL for example) to your security policy.&nbsp;
You'll need to look a the different methods for creating security policies to see which one works best for your environment.&nbsp;

Forum Discussion

Blocking of SQL Injection with F5 LTM 2000 and ASM module

2 Replies

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Logging/Blocking possible prompt injection

LLM Prompt Injection Detection & Enforcement

WAF evasion techniques for Command Injection

Serverside SNI injection iRule

What’s New in the NGINX Plus R36 Native OIDC Module

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS