A potentially dangerous Request.Path value was detected from the client (:)

3
votes

I'am getting sometimes the following error on my published web app with ELMAH:

System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

in the URL reported by elmah I get:

/https:/domain.com/

Do I have to put the following line in my web.config, to fix it?:

<httpRuntime requestValidationMode="2.0" />

What this really means? I should be careful about this?

1
asp.net-mvc-3elmah

1 Answers

4
votes

These are usually either bots crawling your sites, or hackers trawling for vulnerabilities. Normally they are nothing to worry about. Probably you just want elmah to ignore these errors. Add a filter:

<errorFilter>
<test>
    <regex binding="Exception.Message" 
           pattern="(?ix: \b potentially \b.+?\b dangerous \b.+?\b value \b.+?\b detected \b.+?\b client \b )" />
</test>

http://code.google.com/p/elmah/wiki/ErrorFilterExamples