About jianghxa

hi Team. Our production application triggered the "HTTP SQL Injection Attempt" threat alert, mainly ID: 33338 and ID: 36056 and ID: 36239 and ID: 54608; affecting the production business; an exception has been made, how can we determine which SQL statements triggered these threat IDs; we want to fix these vulnerabilities with such information.   The threat capture packets on the device are as follows. https://drive.google.com/drive/folders/190rJ8-04qr77uYMyNt5QIiL9eJaTEIEV?usp=sharing  ... View more

We then pass the data through http 2.0 in plaintext, the data length of http2 messages exceeding 65526 will be partially discarded, resulting in incomplete data and affecting normal operations. Currently, the solution is to turn off the HTTP 2.0 checks, not to do checks on HTTP 2.0, and the business is back to normal. May I ask if anyone has encountered such a situation? Do we have a limit on the length of data for http 2.0? I have a packet here that reproduces the failure site by playback as well.   Server-side packet： https://drive.google.com/file/d/16C8hxmlQuoYBU2Y1SmF26wlXEDBsrlat/view?usp=sharing  Client-side packet： https://drive.google.com/file/d/1iSdi0ByeOFpBH1lf7_Lvz89z1vfsTbvD/view?usp=sharing  https://drive.google.com/file/d/1iSdi0ByeOFpBH1lf7_Lvz89z1vfsTbvD/view?usp=sharing  ... View more