Forum Discussion

Altostratus

Dec 31, 2019

How to block Time-Based Blind SQL Injection Attacks

I have a web app and a PT was successful to perform this attack: https://mywebsite/Login.aspx?test=;waitfor delay '0:0:__TIME__'— The VS has ASM profile with server technologies: IIS MSSQL ASP....

Altostratus

Dec 31, 2019

I have noticed that Parameter * was in staging

and URL * was in staging.

Enforcing them made the attack to be blocked.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to block Time-Based Blind SQL Injection Attacks

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Demystifying Time-based OTP

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Time based iRule example

WAF evasion techniques for Command Injection

OWASP Mitigation Strategies Part 1: Injection Attacks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS