
A potentially dangerous Request.Path value was detected from the client (?) with valid URL

I have an ASP.NET MVC 4 Web Application running on IIS 7.5 for a few weeks now and I noticed that just recently I have been getting quite a lot of the following errors:
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (?).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

I know that this exception is caused when the URL path contains illegal characters but the strange thing is that in my case the URL is valid. Here is one example of the URL: www.mysite.com/myApp/bookTitle?chapter=12&page=278.

However, when I try any of the reported links they are working fine and without any exceptions.

By looking at the Error Log I noticed that the query string doesn't show as a part of the QUERY_STRING variable but it is included along with the rest of the path in the PATH_INFO variable which looks like this:
/myApp/bookTitle?chapter=12&page=278. So it seems that the (?) is not recognized as the separator between the path and the query (maybe because of some kind of URL encoding) but I am not sure how to fix this.

Any help would be greatly appreciated.

asked Nov 11 '22 14:11

NightOwl89


1 Answer

When ASP.NET receives a request with the '?' character encoded as '%3F' it gives this error message. At the same time it decodes the '%3F' to a '?' character in the Request["PATH_INFO"] or Request.PathInfo variable.

If you look at Request["HTTP_URL"] or Request.Url.OriginalString you might see something different.

answered Nov 14 '22 23:11

Martin Brown
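
The behaviour described in the answer can be reproduced offline to triage logged request URLs. This is an added example, not code from the answer or from ASP.NET: a simplified model of the path check, assuming the default `requestPathInvalidCharacters` set of ASP.NET 4 (`<,>,*,%,&,:,\,?`); the function names and sample targets are hypothetical.

```python
from urllib.parse import unquote

# Default <httpRuntime requestPathInvalidCharacters> set in ASP.NET 4
# (assumption: the application has not overridden it in web.config).
INVALID_PATH_CHARS = set('<>*%&:\\?')


def check_target(raw_target):
    """Model the path check for one raw request target (path plus optional query).

    Only a literal '?' ends the path; '%3F' stays inside it and becomes '?'
    once the path is decoded, which is the value PATH_INFO shows.
    Returns (decoded_path, query, first_offending_char_or_None).
    """
    raw_path, _, query = raw_target.partition('?')
    decoded_path = unquote(raw_path)
    offending = next((c for c in decoded_path if c in INVALID_PATH_CHARS), None)
    return decoded_path, query, offending


def triage(raw_targets):
    """Return one record per target that the path check would reject."""
    rejected = []
    for target in raw_targets:
        decoded_path, query, offending = check_target(target)
        if offending is None:
            continue
        rejected.append({
            'raw': target,
            'path_info': decoded_path,
            'offending': offending,
            # True when the client percent-encoded the path/query separator.
            'encoded_separator': '%3f' in target.partition('?')[0].lower(),
        })
    return rejected


# Constructed sample targets, based on the URL in the question.
SAMPLE_TARGETS = [
    '/myApp/bookTitle?chapter=12&page=278',      # as typed in a browser
    '/myApp/bookTitle%3Fchapter=12&page=278',    # separator encoded by the client
    '/myApp/bookTitle%3fchapter=12%26page=278',  # whole tail encoded
]

if __name__ == '__main__':
    for rec in triage(SAMPLE_TARGETS):
        print(rec['raw'], '->', repr(rec['path_info']), 'rejected on', repr(rec['offending']))
```

Records with `encoded_separator` set point to a client or link generator that encoded the whole URL, which is why the same link works when pasted into a browser with a literal `?`.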