How to validate Request.RawUrl in Application_BeginRequest event in Global.asax.cs file?

Question

Some bots are requesting URLs like www.example.com/test-</p><p>they-are-angry... which is creating A potentially dangerous exception in my asp.net application.

I need to validate the HttpContext.Current.Request.RawUrl in Application_BeginRequest event of Global.asax.cs file and if it is invalid I will redirect to another error page.

I do NOT want to set validateRequest="false" or requestValidationMode="2.0" but want to redirect to a particular error page if Request.RawUrl is invalid.

How to achieve this? Is there any Asp.Net predefined method to validated this URL?

Any help is highly appreciated!

score 0 · Answer 1 · edited May 23 '17 at 10:32

If you want to just redirect to an error page, you can simply configure customErrors or implement global error handlers as detailed in existing post and on MSDN.

However, if you want to delay validation until later, such as Application_BeginRequest, you can disable request validation and invoke it explicitly, as mentioned in Imran's blog:

1. set requestValidationMode="2.0"

2. invoke Request.ValidateInput()

protected void Application_BeginRequest()
{
    Request.ValidateInput();
    var q = Request.QueryString;
}

How to validate Request.RawUrl in Application_BeginRequest event in Global.asax.cs file?

1 Answers1