Blocking of SQL Injection with F5 LTM 2000 and ASM module

Question

Hi,
I have a requirement to block known SQL injections for a hosted environment.&nbsp;
Will an F5 LTM 2000 and ASM module upgrade perform this basic functionality out of the box or with very minimal configuration (example: Tickbox to block known SQL exploits)&nbsp;

uni · Answer

You can't just tick the box. You need to create a virtual server and related pool and profiles, then create an ASM policy to apply to it. That policy can have all tests disabled except the SQL injection if you wish.

rob_carr · Answer

Provided you have all of the traffic handling elements created, configuring the ASM to protect your application from SQL Injection is really just a matter of making sure that you have the correct attack signature set assigned (which flavor of SQL do you need to protect?  MS-SQL or MySQL for example) to your security policy.&nbsp;
You'll need to look a the different methods for creating security policies to see which one works best for your environment.&nbsp;

Forum Discussion

Blocking of SQL Injection with F5 LTM 2000 and ASM module

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

WAF evasion techniques for Command Injection

Serverside SNI injection iRule

Mitigating OWASP Web Application Risk: Injection exploits using F5 BIG-IP

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Hardware Security Modules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS