Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible SQLi Attempt in User Agent (Inbound)"; flow:established,to_server; http.user_agent; content:"select"; nocase; distance:0; fast_pattern; content:"from"; nocase; within:20; reference:url,blog.cloudflare.com/the-sleepy-user-agent/; classtype:trojan-activity; sid:2022816; rev:4; metadata:created_at 2016_05_17, confidence Medium, signature_severity Major, updated_at 2020_08_20;)