Forums (Obsolete)

Old Forums

ASPX templates

Version 3.x > ASPX templates > Potentially dangerous request.path

View modes:

Member

sini.sivasankaran-solarwinds - 8/2/2012 7:49:29 AM

Potentially dangerous request.path

Hi,

A potentially dangerous Request.Path value was detected from the client (&).

Apart from changing the web.config for

<pages validateRequest="false" /> and
<httpRuntime requestValidationMode="2.0"/>

What else would be required? We have to avoid XSS as well.

The CMS dll shows product version 6.0.

Thanks,
Sini

Kentico Developer

kentico_ivanat - 8/11/2012 3:33:40 PM

RE:Potentially dangerous request.path

Hi,

Is seems that you are using such link somewhere in your web site which is not correct and user clicked on such link, and it throws error message. For example in case query parameters of some url are not encoded.

Do you know how to reproduce this issue on your web site? It is also possible that somebody (some bot) was testing your site. In this case the above message in the event log would not be harmful and the system reacted correctly.

It would be better if you tried to find which link/url generated above message instead of disabling request validation.

Best regards,
Ivana Tomanickova


Member	sini.sivasankaran-solarwinds - 9/3/2012 9:05:49 AM RE:Potentially dangerous request.path Hi Ivana, We can put in any junk url on our hosted web site and it will throw such kinds of error. So I was hoping to handle such issues by handling illegal characters in the URL. Thanks, Sini

Kentico Developer

kentico_ivanat - 9/5/2012 9:18:34 AM

RE:Potentially dangerous request.path

Hi,

xss protection si described in the security document

Actually the url parameters are checked, therefore you can see the error message in the event log. It is only information that some invalid request was done. It does not mean that the attack was successful.

Or did you mean something else?

Best regards,
Ivana Tomanickova

Top