A potentially dangerous Request.Path

Problem description

Been getting a lot of errors like this lately. I did some research and found that this is because HTML was detected in the input text. Does this mean that someone is trying to hack my website?

I can stop this from happening by turning off page validation, but this hardly seems like a good solution.

Here is some info from one of the errors:

HTTP_CONNECTION:keep-alive HTTP_ACCEPT:*/* HTTP_ACCEPT_ENCODING:gzip, deflate HTTP_ACCEPT_LANGUAGE:en-us HTTP_HOST:www.easymuaythai.com HTTP_REFERER:http://www.google.com/search?q=symbolic+tattoos&hl=en&client=safari&tbo=d&source=lnms&tbm=isch&ei=u5c1T8L-JfLYiAKRs5ixCg&sa=X&oi=mode_link&ct=mode&cd=2&ved=0CAkQ_AUoAQ&biw=1024&bih=622 HTTP_USER_AGENT:Mozilla/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3 

Don't know if it matters, but I have a rule in my IIS to prevent image hotlinking.

Thanks.

Recommended answer

First, the string you give here seems like a search on Google Images for two words (symbolic tattoos) that ended up at your site. Maybe it's false, but the words have to do with your site.

99.9% this call is not an attack.

Now ASP.NET by default takes care of every input that may be used for script injection, or rendered on the page. But after you are familiar with this and you know what you must do, you can disable it.

What to do: You can read anything, but write it on the page using HtmlEncode, or UrlEncode if you place it in a URL, or Attribute Encode if you place this input in attributes. If you import it into SQL, then also take care to make your SQL queries with parameters.

The image hotlinking just checks if the reference comes from your site, and I do not think that has to do with this error. However, because this is an image search, maybe someone clicks on this Google image, Google creates a script to show this image above, and this somehow throws an error... hmmm, maybe it has to do...

I found that the link you give is here: http://www.google.com/imgres?start=12&hl=en&client=safari&sa=X&biw=1181&bih=580&addh=36&tbm=isch&tbnid=ELqfKzUpNc6OdM:&imgrefurl=http://www.easymuaythai.com/post/2012/01/28/Muay-Thai-Tattoo.aspx&docid=9zvGgxN0HMA_DM&imgurl=http://www.easymuaythai.com/image.axd%253Fpicture%253D2012%25252F1%25252FGanesh.jpg&w=375&h=500&ei=lGQ2T8WzNsqR0AXYi8W1Ag&zoom=1 Here is what your users come and see from the above reference. From Google Chrome it does not make any error.

This link is found on the above reference link.

http://www.google.com/search?q=symbolic+tattoos&hl=en&client=safari&tbo=d&source=lnms&tbm=isch&ei=u5c1T8L-JfLYiAKRs5ixCg&sa=X&oi=mode_link&ct=mode&cd=2&ved=0CAkQ_AUoAQ&biw=1024&bih=622 HTTP_USER_AGENT:Mozilla/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3
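
The encoding advice in the answer above, as an added example (not code from the original question or answer): each output context gets its own encoder from System.Web.HttpUtility, and the value bound for SQL is passed as a parameter. The class name, the search.aspx path, the Comments table and the sample input are assumptions made up for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example: hypothetical names, constructed input, no database connection needed.
public static class OutputEncodingDemo
{
    // Input written between tags: encode for HTML element content.
    public static string AsHtmlText(string input)
    {
        return "<p>" + HttpUtility.HtmlEncode(input) + "</p>";
    }

    // Input written inside a quoted attribute value.
    public static string AsAttribute(string input)
    {
        return "<input type=\"text\" value=\"" + HttpUtility.HtmlAttributeEncode(input) + "\" />";
    }

    // Input written into a query-string value.
    public static string AsQueryValue(string input)
    {
        return "/search.aspx?q=" + HttpUtility.UrlEncode(input);
    }

    // Input stored in SQL: the value travels as a parameter, never as query text.
    public static SqlCommand AsInsert(string input)
    {
        var cmd = new SqlCommand("INSERT INTO Comments (Body) VALUES (@body)");
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = input;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample input containing markup and quote characters.
        string input = "<b>symbolic</b> \"tattoos\" & 'more'";

        Console.WriteLine(AsHtmlText(input));
        Console.WriteLine(AsAttribute(input));
        Console.WriteLine(AsQueryValue(input));

        using (SqlCommand cmd = AsInsert(input))
        {
            Console.WriteLine(cmd.CommandText);               // query text stays fixed
            Console.WriteLine(cmd.Parameters["@body"].Value); // raw value kept apart from it
        }
    }
}
```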
