It is strongly recommended to enable this feature! It is used to protect against hackers' illegal operations on databases, such as data tampering, database dumping, and Cross-Site Scripting (XSS) attacks.
| SQL injection occurs when a web application fails to properly validate or strictly filter user-input data, allowing attackers to submit malicious SQL statements. This enables the database to execute malicious queries, thereby further obtaining corresponding data information (such as data tampering, database dumping, etc.). |
Injection protection can be applied to "GET," "POST," and "HEADER" modes, and different filtering keywords can be set for each.
Click "Update Library" in the top-right corner to download the keyword library from the cloud.
Whitelist:
Given the potential side effects of SQL injection protection, a dedicated whitelist is provided.
The global whitelist applies to the entire "Website Protection" module, while the whitelist here only applies to the SQL Injection Protection module.
If a URL address does not require SQL injection protection but needs other protections (such as for the website backend), it can be added to this whitelist.
