Minio's SQL Injection Prevention Mechanism Disabled?

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: Minio防SQL注入机制解除?

| username: jaybing926


Uploading a data file containing the text “*select * from *” results in a 403 error.
Testing shows that as long as it contains these, it will report an error, but containing “drop / delete from” is fine.
Only tested with txt files, this happens. Excel files do not have this issue.

I suspect it is MinIO’s built-in SQL injection prevention mechanism.
How can I disable this mechanism?

| username: tidb狂热爱好者 | Original post link

This should be caused by your built-in bastion, firewall, or antivirus software.

| username: jaybing926 | Original post link

We don’t have a hardware firewall, and we’ve asked the data center, which also doesn’t have these restrictions. There is no antivirus software on the server either.

| username: ShawnYan | Original post link

I’m not familiar with min, so I posted a question for you on Stack Overflow:

| username: jaybing926 | Original post link


| username: buptzhoutian | Original post link

MinIO doesn’t have this feature. I found a similar version from 2022, but I couldn’t reproduce it. Please send the error message from the server when you get a 403.

| username: redgame | Original post link

I remember there is an enable-sql-injection-protection. If you find the related option, try setting it to false or commenting it out, then restart the minio service.

| username: buptzhoutian | Original post link

Source? Can you provide a document link?

| username: jaybing926 | Original post link

When uploading in the console, it reports this, 403.

It still seems to be an issue with the nginx proxy, but my nginx configuration is taken from the official documentation, so there shouldn’t be any problems.
The main issue is that it reports an error with special characters, which seems to be related to SQL injection prevention.

| username: jaybing926 | Original post link

Found the problem, it was a plugin on our self-used nginx exit that caused the restriction~ Thanks everyone~

| username: ShawnYan | Original post link

Is it an open-source plugin? Which plugin?

| username: 天蓝色的小九 | Original post link

Which plugin?

| username: system | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.