Portal Engine Questions on portal engine and web parts.
Version 7.x > Portal Engine > A potentially dangerous threat View modes: 
User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 1/13/2014 8:45:28 AM
   
A potentially dangerous threat
I've read several posts regarding this and all my settings, configs, etc. are as they should be. I continue to receive this error although in an inconsistent manner:
Event ID:	79353
Event type: Error
Event time: 1/13/2014 5:40:58 AM
Source: Application_Error
Event code: EXCEPTION
User ID: 65
User name: public
IP address: 76.11.13.42

Description: Message: A potentially dangerous Request.Path value was detected from the client (?).
Stack Trace:
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Site name: <site>
Machine name: <server>
Event URL: /CMSModules/Forums/CMSPages/GetForumAttachment.aspx?fileguid=bd05ce07-7b10-40d5-90bc-0512e34b947f
URL referrer:
User agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Why would a built in method cause this kind of problem? Could it have to do with forum posts having special characters in them? How about file attachment issues?

I should mention I recently upgraded the site 7.0.11 --> 7.0.70 this past weekend.

User avatar
Member
Member
Accepted solutionAccepted solution
scott_hancock-urmc.rochester - 1/13/2014 12:30:00 PM
   
RE:A potentially dangerous threat
I've been getting the same error. In the past couple of weeks I've been noticing a bunch of errors in my error log like this:
EventDescription: Message: A potentially dangerous Request.Path value was detected from the client (?).
EventUrl: /getmedia/ed350b1f-bd73-4e29-9f74-86469e436453/brayer.aspx?width=100&height=130

I finally figured out, that this happens when someone clicks on one of our images in Google Image Search. It only happens on images in our media library that have been resized (so any image with a url like /getmedia/ed350b1f-bd73-4e29-9f74-86469e436453/brayer.aspx?width=100&height=130). Here is how to reproduce this.

1. Go to to Google and search for this: site:urmc.rochester.edu driving.aspx
2. Click on Images to go the Image search.
3. Click on the first image which will open the preview.
4. Click view image.
5. You will see an error.
6. Now to prove the image does exist, go here: http://www.urmc.rochester.edu/getmedia/3c7a3182-8621-42e5-85ce-35674ec12aa0/driving.aspx?width=325&height=217

I've reproduced this on the Kentico DevNet site.
1. Go here:

https://www.google.com/search?q=site:devnet.kentico.com&source=lnms&tbm=isch&sa=X&ei=lA3UUvyXNenMsQTK84LgBQ&ved=0CAcQ_AUoAQ&biw=1136&bih=650#facrc=_&imgdii=_&imgrc=RjmpSzQwhc5fjM%253A%3Bd8YMhF_znUO48M%3Bhttp%253A%252F%252Fdevnet.kentico.com%252Fgetattachment%252FBlogs%252FEva-Palbuchtova%252FJanuary-2012%252FKentico-is-exhibiting-at-Technology-for-Marketing%252Fdsc_9184.jpg%25253Fwidth%25253D780%252526height%25253D523%3Bhttp%253A%252F%252Fdevnet.kentico.com%252FBlogs%252FEva-Palbuchtova%252FJanuary-2012%252FKentico-is-exhibiting-at-Technology-for-Marketing.aspx%3B780%3B523

2. Click on View Image.
3. You will see an error.

It appears that the way the url is being encoded is causing a problem.

I'm running 7.0.63.

Thanks,
Scott

User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 1/13/2014 1:28:08 PM
   
RE:A potentially dangerous threat
Thanks for the info Scott. I knew there was something not quite right. Now on to find a solution because I don't want my error logs filled up with this junk.

Brenden

User avatar
Member
Member
scott_hancock-urmc.rochester - 1/22/2014 10:05:30 AM
   
RE:A potentially dangerous threat
I found a recent post on the Google Forums that sounds like our problem. You can see it here:

Google has stopped opening my images
http://productforums.google.com/forum/#!topic/webmasters/kr2ZnbEB3zA

Scott