SQL Injection Engine

Overview

ProxySQL 2.0.9 integrates libsqlinjection to detect potential SQL injection attacks by analysing query fingerprints.

Enabling Detection

Enable the variable mysql-automatic_detect_sqli to activate SQL injection detection.

Integration with Firewall Whitelist

When mysql-automatic_detect_sqli=1:

  • Whitelist disabled — All queries are analysed
  • Whitelist enabled — Only non-whitelisted queries are checked for users in DETECTING mode
  • Whitelisted queries bypass the SQL injection engine entirely

Fingerprint Whitelisting

The mysql_firewall_whitelist_sqli_fingerprints table allows administrators to whitelist specific query fingerprints:

CREATE TABLE mysql_firewall_whitelist_sqli_fingerprints (
    active INT CHECK (active IN (0,1)) NOT NULL DEFAULT 1,
    fingerprint VARCHAR NOT NULL,
    PRIMARY KEY (fingerprint) )

Field        Description
active       Enables/disables the entry
fingerprint  The libsqlinjection-generated fingerprint to allow

Error Logging

ProxySQL logs detected attacks with fingerprints:

[ERROR] SQLinjection detected with fingerprint of 'Eoknk' from client user@host
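
An added example, not part of the ProxySQL documentation: a Python script that groups log entries of the form shown above by fingerprint and client, so an administrator can review which fingerprints recur and from where before deciding whether any of them is a false positive. The sample log lines, their timestamp prefix, the users and hosts, and the fingerprint 'Xcons' are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Message format from the "Error Logging" section. search() is used so any
# prefix before [ERROR] (timestamp, source location) is ignored.
SQLI_RE = re.compile(
    r"\[ERROR\] SQLinjection detected with fingerprint of '([^']*)' "
    r"from client (\S+)@(\S+)"
)

# Constructed sample input: timestamps, users, hosts and 'Xcons' are made up.
SAMPLE_LOG = """\
2024-01-10 09:00:01 [ERROR] SQLinjection detected with fingerprint of 'Eoknk' from client app@10.0.0.5
2024-01-10 09:00:07 [ERROR] SQLinjection detected with fingerprint of 'Eoknk' from client app@10.0.0.5
2024-01-10 09:02:13 [ERROR] SQLinjection detected with fingerprint of 'Xcons' from client report@10.0.0.9
2024-01-10 09:02:14 [INFO] unrelated message
2024-01-10 09:05:40 [ERROR] SQLinjection detected with fingerprint of 'Eoknk' from client batch@10.0.0.7
"""


def summarize(log_text):
    """Group detections by fingerprint: hit count and distinct clients,
    most frequent fingerprint first."""
    hits = Counter()
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = SQLI_RE.search(line)
        if m is None:
            continue  # not a detection entry
        fingerprint, user, host = m.groups()
        hits[fingerprint] += 1
        clients[fingerprint].add(f"{user}@{host}")
    return {
        fp: {"hits": n, "clients": sorted(clients[fp])}
        for fp, n in hits.most_common()
    }


if __name__ == "__main__":
    for fp, info in summarize(SAMPLE_LOG).items():
        print(f"{fp!r}: {info['hits']} hit(s) from {', '.join(info['clients'])}")
```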

Runtime Management

Load fingerprint rules using:

LOAD MYSQL FIREWALL TO RUNTIME;

The runtime table is named runtime_mysql_firewall_whitelist_sqli_fingerprints.

Best Practice

Combine SQL injection detection with firewall whitelisting to significantly reduce false positives.