The 5th annual nopCommerce conference will take place in India on the 10th-11th of October. Please find more about this event here

A potentially dangerous Request.Path value was detected from the client

Posted: July 30, 2019 at 7:14 AM Quote #243104
Hi,

I have noticed the error below on a few of my sites and would like to know how to resolve the issue.
I am using nopcommerce 3.9.
Is there anyone that has experinced the same issue and how did you resolve it?

Log level: Error

Short message: A potentially dangerous Request.Path value was detected from the client (*).

Full message: System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (*). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Customer: Guest
Page URL: https://www.youtstore.com/*|brand:logo|*

Regards,
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 15, 2019 at 9:28 AM Quote #244714
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Jaber Kibria
Software Engineer | nop-station.com
Email: [email protected]
----------------------------------------------------------------
Expertise in .NET Framework, Algolia, Plugins, Themes, Customization, Upgrade, API

Please upvote if it helps.
Posted: August 16, 2019 at 12:34 PM Quote #244759
mhsjaber wrote:
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.

Jaber Kibria the best programmer I’ve seem!!!!!!!
This post/answer is useful
-1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 11, 2019 at 2:53 AM Quote #246094
mhsjaber wrote:
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.


Hi @mhsjaber,

Is there anyway that I can run a search maybe at database level to find all items that contain this sort of error?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 11, 2019 at 6:10 AM Quote #246106
Example:

SELECT [Id]
      ,[LogLevelId]
      ,[ShortMessage]
      ,[FullMessage]
      ,[IpAddress]
      ,[CustomerId]
      ,[PageUrl]
      ,[ReferrerUrl]
      ,[CreatedOnUtc]
  FROM [dbo].[Log]
WHERE [ShortMessage] LIKE '%A potentially dangerous%'
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
www.noptools.com
Posted: September 12, 2019 at 2:14 AM Quote #246186
I have checked the logs already.  I am trying to determine where the site is getting this URL from.

I cannot find it anywhere on the site itself but it appears in the log.

Does anyone have the same problem or have an idea how I can track it down?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 13, 2019 at 5:54 AM Quote #246282
It appears in the log because 'hackers' are using various URLs to look for vulnerabilities in your site.  I see many similar messages like:

   A public action method '....php' was not found on controller 'Nop.Web.Controllers.BlogController'.

   The controller for path '/....php' was not found or does not implement IController.

You can just ignore them.  .php, .asp, etc. will not work against a nopCommerce site.

Consider using this setting  commonsettings.ignorelogwordlist
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
www.noptools.com
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.
eCommerce CONFERENCE 2019
Learn more