从客户端(?)检测到具有有效URL的潜在危险的Request.Path值 [英] A potentially dangerous Request.Path value was detected from the client (?) with valid URL
问题描述
我有一个在IIS 7.5上运行了ASP.NET MVC 4 Web应用程序已有几个星期了,我注意到最近才收到很多以下错误:
System .Web.HttpException(0x80004005):从客户端(?)检测到潜在危险的Request.Path值。
在System.Web.HttpRequest.ValidateInputIfRequiredByConfig()中
在System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext上下文)
我知道此异常是在URL路径包含非法字符时引起的,但奇怪的是,在我看来,URL是有效的。这是URL的一个示例: www.mysite.com/myApp/bookTitle?chapter=12&page=278 。
但是,当我尝试任何报告的链接时,它们都可以正常工作,并且没有任何异常。
I have an ASP.NET MVC 4 Web Application running on IIS 7.5 for a few weeks now and I noticed that just recently I have been getting quite a lot of the following errors:
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
I know that this exception is caused when the URL path contains illegal characters but the strange thing is that in my case the URL is valid. Here is one example of the URL: www.mysite.com/myApp/bookTitle?chapter=12&page=278.
However, when I try any of the reported links they are working fine and without any exceptions.
通过查看错误日志,我注意到查询字符串不会显示为 QUERY_STRING 变量的一部分,但会与 PATH_INFO 变量中的其余路径一起显示,如下所示:
/ myApp / bookTitle?chapter = 12& page = 278 。
因此,似乎(?)无法识别为路径和查询之间的分隔符(可能是由于某种URL编码),但是我不确定如何解决此问题。
By looking at the Error Log I noticed that the query string doesn't show as a part of the QUERY_STRING variable but it is included along with the rest of the path in the PATH_INFO variable which looks like this:
/myApp/bookTitle?chapter=12&page=278.
So it seems that the (?) is not recognized as the separator between the path and the query (maybe because of some kind of URL encoding) but I am not sure how to fix this.
任何帮助将不胜感激。
推荐答案
当ASP.NET收到带有编码为'%3F'的'?'字符会给出此错误消息。同时,它在Request [ PATH_INFO]或Request.PathInfo变量中将'%3F'解码为'?'字符。
When ASP.NET receives a request with the '?' character encoded as '%3F' it gives this error message. At the same time it decodes the '%3F' to a '?' character in the Request["PATH_INFO"] or Request.PathInfo variable.
Request [ HTTP_URL]或Request.Url.OrigionalString,您可能会看到不同的内容。
If you look at Request["HTTP_URL"] or Request.Url.OrigionalString you might see something different.
这篇关于从客户端(?)检测到具有有效URL的潜在危险的Request.Path值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
