Exactly how to block a SQL injection attack?
AEM as a Cloud Service does not offer configurable IP block lists out of the box. Hence use Apache
mod_redirect or any other approved module on the Dispatcher at project level.
SQL injection is prevented by design: The default CQ setup does neither include nor require a traditional database. All data is stored in a content repository (CRX). All access is limited to authenticated users and can only be performed through the JCR API. SQL is supported for search queries only (