In my web logs I see thousands of error messages like "A potentially dangerous Request.Path value was detected from the client (:)." and the URL in question is something like:
{valid site url}/https:/adserver.video/sync/03635d2e5423be5c297a9b6f812b727e/%3Faction=in&uid=5053622972360253088
As far as I can tell, this isn't coming from anything on my site. Is this an attack of some kind? Or could it be some badly behaved third party js library that I'm using incorrectly? There's nothing on the net about this, so does anyone recognize this url?
Related
Consider the following situation:
I have an MVC setup where the view invokes a mapper to get a specific URL for an href attribute. The mapper holds keys to make the referencing easy.
Now the view requests an invalid key, so the mapper responds with say /invalid_url. But the dispatcher knows this URL and when a user clicks the link an error message will be displayed about how bad we feel.
But what if the Google Bot visits this invalid URL?
What would a search engine friendly status code be? I feel like 500 would be appropriate because it is a server side failure. But then this has the feeling of being a temporary error or somehow not related to the URL but to the internal mechanics. The other option that comes to mind is 404. This is also valid because the requested page does not exist. However 4xx errors are client side errors ("You requested the wrong URL. So it's basically your error"). And it just doesn't feel like a client side error to me.
Am I overthinking things? Should I just go with 404?
When I have a question like this, I refer to a site like http://www.restapitutorial.com/httpstatuscodes.html
5xx error codes imply that the server made a mistake. But you're saying the view (client-side) requested the wrong key. That sounds like a client-side error to me. While it's not the user's fault, the server doesn't know this, and the requested URL really doesn't exist. So a 404 would be appropriate.
But this is a weird case, and you should still want to fix the underlying issue of the client consistently(?) requesting a bad url.
I am working on an ASP.NET website. The website's users are sent an email with a link to the site. The link will look something like this:
https://<website>/Default.aspx?LC=<guid>
where the "LC" parameter is their login code. The "LC" parameter is the only parameter we ever put on the link. It's also possible to go directly to the Default.aspx page without a code and type one in at the prompt.
Here's the problem: on rare occasions (but consistently since the site launched), I've been getting an error report from the Global.asax handler that says:
12:24:41 ERROR Global.asax - Application_Error - unhandled error:
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (&).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
I have no idea why I keep getting these messages. I've tried logging HttpContext.Current.Request.RawUrl to see the actual URL the client is using, but all I ever get is this:
/&
and HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath reports as:
~/&
Is there some way I can log the "real" request and see where this ampersand is coming from? The LC parameter value is always a GUID so it would never have an ampersand in it. Also, this problem does not seem to happen for 99% of the site users. For all I know this is being caused by a bot or something, but if it's happening to real users I'd like to find out why.
We recently implemented a new error page on our website which sends emails to the webmaster containing the most recent server exception. We are running an ASP.NET 4 application, and last night we got many emails that were all the same error:
A potentially dangerous Request.Path value was detected from the client (:).
These errors we have seen before, but the odd thing is the path that is being requested. It is always the path:
http://www.mydomain.com/css/about:blank
I have scoured the different pages and can find no anchor tag that appears to point to any link like this. Is this an issue with our application or something else? In other words, do we need to fix anything or just ignore these?
Also, this path was requested consistently, seemingly by the same users, and often was requested from multiple pages they visited. User-agents ranged from Firefox to IE7 and 8.
Have you done anything like this in your css: background-image:url(about:blank);
This shouldn't generate an HTTP request however so I suspect you might have maybe a ./about:blank in there instead.
I just updated our website to .NET 4.0 and ever since then I'm getting the following exception.
"A potentially dangerous Request.Path value was detected from the client (:)."
The request URL is: "https://OURDOMAIN:443/:/0"
This request is from many different IPs but the client app seems to always be IE 6.0-8.0.
Why do we keep getting requests for ":/0" and how can we stop this filling our event logs?
Update:
It turns out it was a bad javascript file that was creating the erroneous request. Now I just need to figure out what's going awry in the js file.
The request has to be coming from somewhere.
Do you have an invalid link on your page pointing to it?
Maybe check your Routes in the Global.asax.cs file.
I'm finding this problem every now and then in my production website, and it has me absolutely stumped...
My app works perfectly in both dev and production, but every now and then, I get an e-mail from my global error handling with this:
MESSAGE: This is an invalid webresource request.
URL: /WebResource.axd
(which means that for some reason webresource.axd was requested without specifying any GET parameters)
I'm not doing anything with webresource.axd myself, I don't get any of my resources through it, it's only used automatically by .Net to serve its typical JS for validators, etc.
Any idea why this might be getting requested without parameters?
Has anyone encountered this?
That definitely is a bot not doing a very good job of crawling your web site. It processes your web form and locates a reference to WebResource.axd, for example:
<script src="/site/WebResource.axd?d=MtIW_TBRtZCvAXDMJGwg4g2&t=633772897740666651" type="text/javascript"></script>
The bot expects static JavaScript files only and tries to download it by requesting WebResource.axd without parameters. The result is an exception thrown by System.Web.Handlers.AssemblyResourceLoader class and intercepted by Application_Error in Global.asax.
I believe this exception is harmless - the client will receive 404 error. You can safely ignore it.
We also have all of our errors emailed to us, and we occasionally get those too. They never seem to have a referrer, and the user agent is usually a little wacky. We write them off as bots.
I just checked a couple of the offending client IPs against Arin, and one of them belonged to a web-spidering-type organization, so there's a little more evidence for the bot theory.
I would also log the useragent that made the request to WebResource.axd. It wouldn't surprise me if it was a bot crawling your site.
This discussion...
http://www.telerik.com/community/forums/aspnet/spell/this-is-an-invalid-webresource-request.aspx
... and this linked MSDN article...
http://msdn.microsoft.com/en-us/magazine/cc163708.aspx
... might shed a little light (though not much).
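The threads above all come down to the same triage: which character tripped the Request.Path check, what shape the rejected path has, and whether the request was referred by one of the site's own pages. The following is an added example, not code from any of the posters, that runs that triage over error-log records. It assumes the ASP.NET 4 default requestPathInvalidCharacters list and models the check as "first listed character found in the decoded path"; the function names, category labels and sample records (with placeholder hosts) are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote, urlsplit

# ASP.NET 4 default for <httpRuntime requestPathInvalidCharacters="...">
INVALID_PATH_CHARS = set('<>*%&:\\?')

def first_invalid_char(raw_url):
    """First default-invalid character in the decoded path, or None."""
    path = unquote(raw_url.split("?", 1)[0])
    return next((c for c in path if c in INVALID_PATH_CHARS), None)

def classify(raw_url, referrer, site_host):
    """Return (kind, source); both are heuristic labels added for this example."""
    path, _, query = raw_url.partition("?")
    path = unquote(path).lower()
    if first_invalid_char(raw_url) is None:
        if path.endswith("/webresource.axd") and "d=" not in query:
            kind = "webresource-without-params"
        else:
            kind = "not-a-path-validation-error"
    elif "about:blank" in path:
        kind = "pseudo-url-resolved-as-relative"
    elif "/http:/" in path or "/https:/" in path:
        kind = "absolute-url-appended-to-path"
    else:
        kind = "stray-character-in-path"
    # A referrer on our own host points at our markup or scripts;
    # a missing or foreign referrer fits the crawler explanation.
    own = bool(referrer) and urlsplit(referrer).hostname == site_host
    return kind, "own-page" if own else "no-own-referrer"

def summarize(records, site_host):
    """Count (invalid char, kind, source) across error-log records."""
    return Counter((first_invalid_char(u),) + classify(u, r, site_host)
                   for u, r in records)

# Constructed sample records: (raw URL, referrer); hosts are placeholders.
SAMPLE = [
    ("/https:/adserver.video/sync/ID/%3Faction=in&uid=1", "https://www.example.com/home"),
    ("/css/about:blank", "https://www.example.com/about"),
    ("/css/about:blank", "https://www.example.com/contact"),
    ("/&", None),
    ("/:/0", "https://www.example.com/"),
    ("/WebResource.axd", None),
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, "www.example.com").most_common():
        print(n, key)
```

Entries that land in "own-page" are the ones worth tracing back to a stylesheet, link or script on the referring page; the rest match the bot explanation given in the answers.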