c# - A potentially dangerous Request.Path value was detected from the client (*)

Question

Welcome To Ask or Share your Answers For Others

c# - A potentially dangerous Request.Path value was detected from the client (*)

asked Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

c# - A potentially dangerous Request.Path value was detected from the client (*)

I am receiving the rather self explanatory error:

A potentially dangerous Request.Path value was detected from the client (*).

The issue is due to * in the request URL:

https://stackoverflow.com/Search/test*/0/1/10/1

This url is used to populate a search page where 'test*' is the search term and the rest of the url relates to various other filters.

Is there an easy way to allow these special characters in the URL? I've tried modifying the web.config, to no avail.

Should I manually encode / decode the special characters? Or is there a best practice for doing this, I would like to avoid using query strings. - but it may be an option.

The application itself is a c# asp.net webforms application that uses routing to produce the nice URL above.

Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-16T21:22:14+0000

If you're using .NET 4.0 you should be able to allow these urls via the web.config

<system.web>
    <httpRuntime 
            requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,,?" />
</system.web>

Note, I've just removed the asterisk (*), the original default string is:

<httpRuntime 
          requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,,?" />

See this question for more details.

Categories

c# - A potentially dangerous Request.Path value was detected from the client (*)

c# - A potentially dangerous Request.Path value was detected from the client (*)

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags