A potentially dangerous Request.Path value was detected from the client (:)

Question

I'am getting sometimes the following error on my published web app with ELMAH:

System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

in the URL reported by elmah I get:

/https:/domain.com/

Do I have to put the following line in my web.config, to fix it?:

<httpRuntime requestValidationMode="2.0" />

What this really means? I should be careful about this?

Answer 1

These are usually either bots crawling your sites, or hackers trawling for vulnerabilities. Normally they are nothing to worry about. Probably you just want elmah to ignore these errors. Add a filter:

<errorFilter>
<test>
    <regex binding="Exception.Message" 
           pattern="(?ix: \b potentially \b.+?\b dangerous \b.+?\b value \b.+?\b detected \b.+?\b client \b )" />
</test>

http://code.google.com/p/elmah/wiki/ErrorFilterExamples