Input validation and sanitization rules are most effective against SQL injection, not just blocking specific characters or encrypting traffic.
The most effective WAF configuration for mitigating SQL injection attacks is to implement strict input validation and sanitization rules. These rules should check for and sanitize or block common SQL injection patterns, such as single quotes, double dashes, and UNION statements, while also validating input types and lengths.