bugmagnet

Asked: 2021-01-13 18:19:20 +0800 CST2021-01-13 18:19:20 +0800 CST 2021-01-13 18:19:20 +0800 CST

In IIS Request Filtering, is the case of the string important?

When in the Edit Filtering Rule dialog in IIS, is the case of the string, e.g. cast( important?

We're seeing SQL injection attack attempts that have the string in various combinations of upper- and lower-case, like cAsT(. Do we need to be specific? I would expect that the module doesn't expect one to think of all the possible combinations but I can't find it clearly stated as the case in any of the online re

1 Answers

Voted

Best Answer

Peter Hahndorf
2021-01-14T01:00:23+08:002021-01-14T01:00:23+08:00
The case of the filter strings is not important. A rule with cast should also work for cAst or CAST. This can easily be tested.
0

In IIS Request Filtering, is the case of the string important?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?