c# HttpRequestValidationException

Question

I have a c# asp.net app running on an Amazon EC2 however I am getting a validation error:

Exception type: HttpRequestValidationException

Exception message: A potentially dangerous Request.RawUrl value was detected from the client (="...h&content=<php>die(@md5(HelloT...").

The logs show that the request url was:

http://blah.com/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>

Where does that PHP die script come from? Is this some kind of security breach and I have no idea how to debug this.

Answer 1

This is due to a built-in ASP.Net feature called "Request validation" which causes an exception to be thrown to prevent attacks whenever dangerous characters are found in e.g. the query string. In this case, it is probably caused by the < character, which is forbidden to make attacks such as Cross Site Scripting harder. As such, the error indicates that the attempt to access your site was stopped before your application code was even invoked.

The query string in your example is probably generated by some automated attack script or botnet that is throwing random data at your site to try to breach it. You can safely ignore this particular instance of the attack, since you're not running PHP. That being said, as others have commented, it does indicate that someone is trying to get in, so you should consider taking appropriate security measures either in your application code or in your network/hosting setup. What these are is both out of scope for this site and hard to say without knowing a lot more about your context, however.