Developer forum

Forum » Feature requests » Monitoring - Handling potentially dangerous requests

Monitoring - Handling potentially dangerous requests

Mikkel Ulstrup
Reply

Hi,

 

In the monitoring section, events have an Action (often "Unhadled"). I hope that this is actually "Handled", in the case of "dangerous requests" and "illegal characters"! smiley 

Could we get a status to see if Dynamicweb has actually prevented theese "attacks"? Or is that a given?

System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (="...T 1,NULL,'<script>alert("XSS")...").
at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)

 

Kind regards

Mikkel Ulstrup


Replies

 
Nicolai Pedersen
Reply

Hi Mikkel

Unhandled in Dynamicweb means that Dynamicweb does not catch the given exception. The above is raised by ASP.NET/IIS before Dynamicweb is even active, and is therefore caught as an unhandled exception. But ASP.NET handles this for you. If you do a less intrusive attack that asp.net does not catch, but Dynamicweb catches, it will look differently.

BR Nicolai

 
Mikkel Ulstrup
Reply

Hi Nicolai,

 

Thanks for the fast reply. Good to know, that it is actually "handled"! Maybe it is the "Unhandled" wording that is confusing then smiley

 

Lets close it here then.

 

- Mikkel