验证的Application_BeginRequest前的要求吗? [英] Validate request before Application_BeginRequest?
问题描述
我想应用程序之前执行aditional的验证开始读取请求的输入,结束可疑的要求的基础上,头和表单数据之类的东西。
I trying to perform aditional validation before application start reading the input of the request, to end suspicious request, based on headers and form data or something like that.
有没有可能?
[更新]
我聚焦prevent说的BeginRequest和ins't抓之前发生由ASP .NET验证一个零日vunerability。
I'm focusing in prevent a zero day vunerability that occurs before BeginRequest and ins't catch by ASP .net validation.
如果我能控制在创建HttpWebRequest对象的,我可以检测到这种攻击。
If I could control the creation of the HttpWebRequest object I could detect this attack.
[解决方案]
可以使用本机模块来解决。
It can be solved using a native module.
有关创建本机模块,可以在这里找到(使用C ++)信息: HTTP://learn.iis。净/ page.aspx / 169 /开发 - 一个原生-CC-模块的-IIS /
Information about a creating a native module can be found here (using C++): http://learn.iis.net/page.aspx/169/develop-a-native-cc-module-for-iis/
零日漏洞,我是说在这个博客帖子描述: <一href="http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" rel="nofollow">http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx
The zero day vulnerability I was talking is described in this blog post: http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx
我做了一个修复它(是pre的释放,不适合用于生产),并可以在GitHub上找到:的 https://github.com/ginx/HashCollisionDetector
I made a fix for it (is a pre release, not suitable for production) and can be found on GitHub: https://github.com/ginx/HashCollisionDetector
感谢所有帮助。
推荐答案
可以使用本机模块来解决。
It can be solved using a native module.
本机模块任何ASP .NET验证之前执行。
Native module are executed before any ASP .net validation.
有关创建本机模块的信息可以在这里找到(使用C ++)的 http://learn.iis.net/page.aspx/169/develop-a-native-cc-module-for-iis/
Information about a creating a native module can be found here (using C++): http://learn.iis.net/page.aspx/169/develop-a-native-cc-module-for-iis/
这篇关于验证的Application_BeginRequest前的要求吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
