locked
How to solve A potentially dangerous Request.Form in asp.net? RRS feed

  • Question

  • User-1456459296 posted

    Actually we are created application using asp.net. after run the asp.net application then user enter * or : or any Html tags in end of the url the enter then throw following  errors,

    A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtTextResume="<a href=http://seabr...").

    A potentially dangerous Request.Path value was detected from the client (:).

    A potentially dangerous Request.Path value was detected from the client (&).

    these errors are throws in url

    For Ex: www.abc.com\page1.aspx*

              or

             www.abc.com\page1.aspx:

    Etc...

     some others sites are handled this.

    let me know if any body knows.

    Thanks in Advance

     

    Friday, April 25, 2014 5:15 AM

Answers

All replies

  • User-1716253493 posted

    In web.config you can set page validaterequest to false

    <pages validateRequest="false" enableViewStateMac="false" enableEventValidation="false" >

    or page in page directive

    <%@ Page ValidateRequest="false" ... %>

    If you use netframework 4 or greater set validation mode to 2.0 in web.config

    <httpRuntime requestValidationMode="2.0" />

    Friday, April 25, 2014 5:25 AM
  • User-933257319 posted

    if it is .net 4.0 you need to add below entry in web.config,
    <system.web>
       
    <httpRuntime requestValidationMode="2.0" />
    </system.web>

     

    Friday, April 25, 2014 5:32 AM
  • User-1456459296 posted

    Thanks for oned_gk but. i used two lines in web.confiq then throw same error in LocalHost.

    Give me any other ideas,

     

    Friday, April 25, 2014 5:54 AM
  • User-933407369 posted

    hi santhosh,

    According to your description, you try adding request filtering to block these bad requests causing issues as follows:
       

      <security>
           <requestFiltering>
             <filteringRules>
               <filteringRule name="Block Bad UserAgent" scanUrl="false" scanQueryString="false">
                 <scanHeaders>
                   <add requestHeader="User-Agent" />
                 </scanHeaders>
                 <denyStrings>
                   <add string="Test Certificate Info" />
                 </denyStrings>
               </filteringRule>
             </filteringRules>
           </requestFiltering>
         </security>

    please refer to the links for details:

    A potentially dangerous Request.Path value was detected from the client (:)

    http://forums.iis.net/t/1207702.aspx?A+potentially+dangerous+Request+Path+value+was+detected+from+the+client+

    A potentially dangerous Request value was detected from the client

    ASP.NET 4.0 potentially dangerous Request.Form value was detected

    http://www.codeproject.com/Tips/297679/A-potentially-dangerous-Request-Form-value-was-det

    Hope it helps you.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, April 28, 2014 3:52 AM