This solution applies to all Barracuda Web Application Firewalls, 7.x firmware and higher.
In firmware 7.x and higher, you have the ability to enable security checks against SQL Injection, OS Command Injection, Directory Traversal and Cross Site Scripting on a header. Navigate to Websites > Allow/Deny. Create a new Header Allow/Deny rule. Once the rule is created, edit the same header rule and you will see the option to enable all the security checks.
Link to this page: