Monitoring - Handling potentially dangerous requests

Mikkel Ulstrup

Posted on 10/02/2020 15:18:27

Hi,

In the monitoring section, events have an Action (often "Unhadled"). I hope that this is actually "Handled", in the case of "dangerous requests" and "illegal characters"!

Could we get a status to see if Dynamicweb has actually prevented theese "attacks"? Or is that a given?

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (="...T 1,NULL,'<script>alert("XSS")...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)

Kind regards

Mikkel Ulstrup

Replies

Nicolai Pedersen

Posted on 10/02/2020 15:25:42

Hi Mikkel

Unhandled in Dynamicweb means that Dynamicweb does not catch the given exception. The above is raised by ASP.NET/IIS before Dynamicweb is even active, and is therefore caught as an unhandled exception. But ASP.NET handles this for you. If you do a less intrusive attack that asp.net does not catch, but Dynamicweb catches, it will look differently.

BR Nicolai

Mikkel Ulstrup

Posted on 10/02/2020 15:30:30

Hi Nicolai,

Thanks for the fast reply. Good to know, that it is actually "handled"! Maybe it is the "Unhandled" wording that is confusing then

Lets close it here then.

- Mikkel

Developer forum

Monitoring - Handling potentially dangerous requests

Replies