General
SQL Firewall Extension for PostgreSQL Database Security
SQL Injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It’s one of the most common web application security issues.
sql_firewall is an extension developed by BiSoft for PostgreSQL that provides multi-layered protection against SQL injection, unauthorized data access, and misuse of database services.
This extension intercepts incoming SQL queries and analyzes them based on predefined rules, policies, and limits. It enhances database security by allowing only approved or safe query patterns to be executed.
Features
Multiple Operating Modes
learn: Logs all new command types to a rule table without blocking them, helping to build an initial ruleset.
permissive: Logs and warns about unknown commands, blocks queries that match regex rules.
enforce: Allows only previously approved commands to be executed and blocks all others.
Command-Based Approval System
Uses command-type based rule learning and enforcement (SELECT, INSERT, etc.) per user role, instead of full query hashes.
Blocks queries that match regular expressions. This is effective for detecting SQL injection patterns. Case-insensitive.
Keyword Blacklist
Blocks queries containing dangerous SQL keywords such as DROP, TRUNCATE, etc.
Rate Limiting
Limits total queries or specific command types (e.g., SELECT) per user within a specified time window.
Quiet Hours
Blocks query execution during specific time ranges like nighttime or maintenance windows.
Application Blocking
Blocks connections based on the application_name parameter.
Detailed Logging
Logs every allowed, blocked, or learned query with role, time, reason, and command type.
Extension Link : https://github.com/bisoftbilgi/bisoft-postgresql-toolkit/tree/main/sql_firewall






