1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Any way to fix this besides disabling Request.Validate?

Discussion in 'Security' started by TheGateKeeper, Feb 14, 2012.

  1. #1
    Hi guys, I get about errors a day all similar to this:
    SEMrush
    "System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (?)."

    "HTTP_CONNECTION:keep-alive HTTP_ACCEPT:*/* HTTP_ACCEPT_ENCODING:gzip, deflate HTTP_ACCEPT_LANGUAGE:en-us HTTP_COOKIE:__utma=145384224.318957917.1329232990.1329232990.1329232990.1; __utmb=145384224.1.10.1329232990; __utmc=145384224; __utmz=145384224.1329232990.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=hindu%20tattoo HTTP_HOST:www.easymuaythai.com HTTP_REFERER:http://www.google.com/search?um=1&hl=en&client=safari&tbo=d&biw=768&bih=928&tbm=isch&sa=1&q=hindu+tattoo&oq=hindu+tattoo&aq=f&aqi=g10&aql=&gs_sm=3&gs_upl=286712l289980l0l290393l8l8l0l0l0l0l222l932l3.4.1l8l0 HTTP_USER_AGENT:Mozilla/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3"

    Ok so I did some research and this is because asp.net automatically guards against HTML injection in the URL.

    Now I did paste the URL in my browser and it didn't give me any errors.

    Does anyone know what can cause this?

    Some things that come to mind:

    -I have a url rewrite rule in IIS to stop image hotlinking
    -I can disable request.validation, but this hardly seems like a good solution.

    Thanks for any input.
     
    TheGateKeeper, Feb 14, 2012 IP
    SEMrush
  2. kmap

    kmap Well-Known Member

    Messages:
    2,215
    Likes Received:
    29
    Best Answers:
    2
    Trophy Points:
    135
    #2
    here is solution i hope it helps

    Please try to set ValidateRequest="false" in the page directive. Depending on what version of ASP.NET you are using, you may need to add the following web.config setting:

    <httpRuntime requestValidationMode="2.0" />



    Regards

    Alex
     
    kmap, Feb 14, 2012 IP
  3. TheGateKeeper

    TheGateKeeper Greenhorn

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #3
    Hardly seems like a good solution to me.

    Why is this error thrown anyway? There is no html in that url.
     
    TheGateKeeper, Feb 14, 2012 IP
  4. TheGateKeeper

    TheGateKeeper Greenhorn

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #4
    Bump, please help
     
    TheGateKeeper, Feb 14, 2012 IP
  5. TheGateKeeper

    TheGateKeeper Greenhorn

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #5
    Bump, please help
     
    TheGateKeeper, Feb 15, 2012 IP