I have one client that is accessing our site but appears to be using some type of proxy. When they visit our site root I get an exception logged.
System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:). at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
which sounds like they just put a colon in the path where it shouldn't be but inspection of the IIS logs shows me this
2019-08-21 12:37:43 W3SVC3 SRVR19-WFARM201A 10.212.132.21 HEAD /https:/www.mysitedomain.com/ - 443 - 10.291.191.22 HTTP/1.1 Test+Certificate+Info - - www.mysitedomain.com 400 0 0 1733 592 203 188.8.131.52:34246
This is the only person I see issuing a HEAD HTTP command, and their user agent is odd also.
Is there anyway to gracefully handle this in ASP.NET with MVC so it doesn't get caught as a dangerous request?
User contributions licensed under CC BY-SA 3.0