A potentially dangerous Request.Path

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

A potentially dangerous Request.Path

Message

From

01/09/2011 08:28:40

Michel Fournier
Level Extreme Inc.
Petit-Rocher, New Brunswick, Canada

All

General information

Forum:

ASP.NET

Category:

Other

Title:

A potentially dangerous Request.Path

Environment versions

Environment:

VB 9.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Application:

Web

Miscellaneous

Thread ID:

01522446

Message ID:

01522446

Views:

197

If someone only enters something like this:

http://www.mydomain.exe/&

This will generate an IIS error such as:

A potentially dangerous Request.Path value was detected from the client (&).

The strack trace gives:

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (&).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +11481611
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +184

I am tring to intercept that so it will not end up in the Event Viewer. So, this will make less things to check for in the Event Viewer and would avoid writing entries for nothing.

Basically, if that situation occurs, I would like to take control over it.

I try putting something in:

Sub Application_PreRequestHandlerExecute(ByVal sender As Object, ByVal e As EventArgs)

But, this does not even reach that yet. IIS blocks it right away. What can I do to handle the situation?

Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52

Map

View

Click here to load this message in the networking platform