0

I know that this has been discussed many times, but I have a different type of question. I am seeing an error in my event viewer "A potentially dangerous Request.Form value was detected from the client (content=..."

What I do NOT want to do is to turn off validation such as this post: A potentially dangerous Request.Form value was detected from the client

So I do NOT want to do these:

validateRequest="false"
<httpRuntime requestValidationMode="2.0"/>

The issue itself is that these errors are coming from clients usually in groups of about 10. What happens is that a certain IP address will send these type of messages for a few minutes, and then stop, and then a different IP address will start the attack again in a few hours. To me it seems that a virus has taken over these computers and the virus is using them to attack my site.

The strange part is that the form in question is an error page to catch when user goes to a page that is not found (404 error). The "virus" is trying to go to a guestadd.asp page, which I don't have. There is no input field with the name "content", so am confused as how to validate a non-existing field. (Unless I am just missing it).

My question is how can I prevent this so that it does not allow it to submit? What am I doing wrong? I am able to block any info coming out, but this is quite annoying, and I don't want to be vulnerable to attack. I can post code if requested.

Community
  • 1
  • 1
illinoistim
  • 456
  • 10
  • 27
  • Can you pls clarify - "the form in question is an error page"? re: why is it a `
    ` (error page)? Realistically though, at the end of the day, **any** client can spoof `POST` or `GET` requests.     – EdSF Apr 10 '14 at 17:19
  • @EdSF thanks for your help. Since the page it is looking for (guestadd.asp) doesn't exist, it is going to my custom error page. This error page is a content page inside of a master page. There is a textbox in the master page, but it is called txtSearch, not input. Does that make it clear? Is there anything that I can do? – illinoistim Apr 10 '14 at 18:12
  • @illinoistim Were you able to resolve this? I'm having the exact same issue: a request is being made to a non-existent guestadd.asp page that is going to my custom error page. It comes sporadically from different IPs. – swandog Jun 04 '14 at 19:38
  • @swandog No I haven't been able to find a solution outside of blocking the IPs. Like you said, it is coming from different IPs, so that is not very effective. If you do find an answer, please post here. The best practice is to simply have a custom error page like you have in order to handle it. There doesn't seem to be any negative effects outside of the annoying event viewer messages. – illinoistim Jun 05 '14 at 13:25

0 Answers0