“403: Access Forbidden Attempted SQL injection in POST” returned when using a SQL Joomla Extension, how to fix.

Published in Joomla

 

403-access-forbidden-sql-jooml-ijection-error1.jpg

 

If you are using a Joomla extension to execute SQL queries and get the error "403: Access Forbidden, Attempted SQL injection in POST" don’t worry, I think I can help.

 

First, click here if you were searching for How to execute SQL queries from the Joomla Administration backend easily.

Unfortunately “403: Access Forbidden Attempted SQL injection in POST” isn’t a very helpful error.

What the error is saying is that someone is trying to execute some SQL and it’s been blocked (of course someone is trying to execute some SQL, you!). The reason access is forbidden is probably because you are using a plugin/component for Joomla to add additional protection agains SQL injections (someone else trying to execute SQL).

 

In my case I was using the component RS Firewall. If you are not using RS Firewall but have some other Joomla component for blocking SQL injections then you may need to disable it. Hopefully in the configuration of the SQL injection protection component you can disable this functionality only for the Joomla extension you need to run the SQL (instead of turning it off completely).

What I had to do to get rid of  the  “403: Access Forbidden Attempted SQL injection in POST" error:

  • Login to the Joomla backend
  • Go to the component RS firewall (SCREENSHOT:)

firewall-configuration-button-RS-firewall1.jpg

  • Click on the icon “Firewall Configuration”
  • Click on the tab “RSFirewall Active Scanner”

RS-fairewall-active-scanner-screenshot1.jpg

And then click on the SQL component you want the scanning process to exclude and save (or apply) the change.

Once you have excluded the Joomla component you are using for executing SQL queries in the administrator backend in Joomla from the component which is blocking SQL Injections, you should no longer get the “403: Access Forbidden Attempted SQL injection in POST” error.