System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client from a bot?

Question

We have a web application which has a search form, users are allowed to enter in some text and we limit the results based on what they enter. recently we started receiving the following error:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$results_search="...967.hcpm, <a href="http://www....").

This error is happening throughout the day, everyday, which seems to be coming from a bot, looking at the error seems like the bot is placing html ahref links into the search field and trying to search, resulting in the error.

After searching around I see there are two ways in which we can handle this, either use Jquery or turn validateRequest to false and then use htmlencode in the code behind page. Does anyone know if the jquery code will work on a bot? I'm not sure how the bot is doing this, if it's hitting the page and clicking the button or sending a request some other way, as the button click is what causes the postback to trigger search, we use POST so nothing is send via url to the search page, the page just posts back to itself and on PostBack is when the search is done.

Answer 1

In the web.config file, within the tags, insert the httpRuntime element with the attribute requestValidationMode="2.0".

Example:

<configuration>
<system.web>
<httpRuntime requestValidationMode="2.0" />
</system.web>
</configuration>