A potentially dangerous Request.Path value was detected from the client

1 year ago
Hi,

I have noticed the error below on a few of my sites and would like to know how to resolve the issue.
I am using nopcommerce 3.9.
Is there anyone that has experinced the same issue and how did you resolve it?

Log level: Error

Short message: A potentially dangerous Request.Path value was detected from the client (*).

Full message: System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (*). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Customer: Guest
Page URL: https://www.youtstore.com/*|brand:logo|*

Regards,
11 months ago
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.
11 months ago
mhsjaber wrote:
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.

Jaber Kibria the best programmer I’ve seem!!!!!!!
10 months ago
mhsjaber wrote:
I faced this issue several times. I found some urls or static file paths which contains special characters in my webpage. I removed them one by one and fixed them.


Hi @mhsjaber,

Is there anyway that I can run a search maybe at database level to find all items that contain this sort of error?
10 months ago
Example:

SELECT [Id]
      ,[LogLevelId]
      ,[ShortMessage]
      ,[FullMessage]
      ,[IpAddress]
      ,[CustomerId]
      ,[PageUrl]
      ,[ReferrerUrl]
      ,[CreatedOnUtc]
  FROM [dbo].[Log]
WHERE [ShortMessage] LIKE '%A potentially dangerous%'
10 months ago
I have checked the logs already.  I am trying to determine where the site is getting this URL from.

I cannot find it anywhere on the site itself but it appears in the log.

Does anyone have the same problem or have an idea how I can track it down?
10 months ago
It appears in the log because 'hackers' are using various URLs to look for vulnerabilities in your site.  I see many similar messages like:

   A public action method '....php' was not found on controller 'Nop.Web.Controllers.BlogController'.

   The controller for path '/....php' was not found or does not implement IController.

You can just ignore them.  .php, .asp, etc. will not work against a nopCommerce site.

Consider using this setting  commonsettings.ignorelogwordlist