Security & WAF
Per-domain rule
boolean
enable_sql_injection_protection
Screen this domain's requests for SQL-injection payloads.
- Config key
enable_sql_injection_protection- Scope
- Per-domain rule
- Type
- boolean
- Default
false
Turns SQL-injection screening on for the domain. Requests whose URL or body contain recognised injection patterns are rejected before reaching the origin. Requires the global master switch to be on as well.
⚡Cost
Screening inspects request content, so there is a small per-request cost. It is negligible next to a database round-trip and well worth it on any path that reaches a SQL backend.
enable_sql_injection_protection = true