This incident type refers to the detection of SQL injection attempts in Apache web server logs. SQL injection is a type of cyber attack that exploits vulnerabilities in web applications allowing attackers to execute malicious SQL statements. In this incident, attackers are attempting to inject SQL code into the URI (Uniform Resource Identifier) of an Apache web server, potentially compromising the server's security and exposing sensitive information.
Parameters
Debug
Show the last 100 lines of Apache access log
Show all unique IP addresses that accessed the server in the last 24 hours
Show all GET requests with SQL injection attempts
Show all POST requests with SQL injection attempts
Show the Apache configuration file
Show all enabled Apache modules
Show all Apache virtual hosts
Show the Apache error log
Repair
Update and patch the Apache server to the latest stable version to prevent the exploitation of known vulnerabilities.
Create or Modify ModSecurity Rule to prevent SQL injection attacks.
Learn more
Related Runbooks
Check out these related runbooks to help you debug and resolve similar issues.