A potentially dangerous Request.Path

Plateforme Level Extreme

Abonnement

Profil corporatif

Produits & Services

Support

Légal

English

A potentially dangerous Request.Path

Message

01/09/2011 09:20:11

Viv Phillips
Hay-On-Wye, Royaume Uni

01/09/2011 08:47:43

Michel Fournier
Level Extreme Inc.
Petit-Rocher, Nouveau-Brunswick, Canada

Information générale

Forum:

ASP.NET

Catégorie:

Autre

Titre:

Re: A potentially dangerous Request.Path

Versions des environnements

Environment:

VB 9.0

OS:

Windows 7

Network:

Windows 2003 Server

Database:

MS SQL Server

Application:

Web

Divers

Thread ID:

01522446

Message ID:

01522448

Vues:

>By default, the Web.Config httpRuntime requestPathInvalidCharacters is set up to intercept seven characters. If it finds them in the path, this will generate the situation. It is possible to adjust the parameter to remove the & from the list. But, then again, this will generate HTTP Error 404.0 - Not Found. So, basically, we might as well let it go. It is just that it records entries in the Event Viewer under Warnings and we have to check that on occasional basis to see if there is something we need to adjust.

Hadn't come across this but it appears you can override the default validation by specifying your own class derived from RequestValidator:
http://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationtype.aspx
Just a question of overriding IsValidRequestString (and maybe supplying validationFailureIndex).....

Répondre

Fil

Voir

Click here to load this message in the networking platform