SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Guru pinch's Avatar
    Join Date
    Mar 2005
    Posts
    688
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Gracefully Handling

    I'm getting quite a few .NET exceptions in my logs as a result of social media sites requesting images I've designated using open graph, etc. I believe these particular requests are coming from Facebook, and what they're doing is requesting specific images but appending &cfs=1 to the end (i.e. "wide-receiver-rankings.jpg&cfs=1").

    I assume that the exception must be causing a problem when someone is sharing my content, but I'm not sure how to avoid the .NET exception and serve the image properly. Here is a sample exception:

    Exception information:
    Exception type: System.Web.HttpException
    Exception message: A potentially dangerous Request.Path value was detected from the client (&).

    Request information:
    Request URL: http://www.cheatsheetwarroom.com/ima...ings.jpg&cfs=1
    Request path: /images/socialsharing/rankings/wide-receiver-rankings.jpg&cfs=1

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    The default settings for url scanning are real tight for content apps where you will get valid but technically bad urls due to badly coded tools. You can back this off very easily -- see http://msdn.microsoft.com/en-us/libr...v=vs.110).aspx for some details and http://www.hanselman.com/blog/Experi...equestURL.aspx for a deeper explanation.

    PS: you can't gracefully handle this, the web runtime kicks this off before your exception handling can really step in.

  3. #3
    SitePoint Guru pinch's Avatar
    Join Date
    Mar 2005
    Posts
    688
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks. I was able to remove '&' from the list of invalid characters, and through this I was able to get past the 'dangerous Request.Path' error.

    Code:
    requestPathInvalidCharacters="<,>,*,%,:,\"
    However, now the ASP.net engine just thinks that the URL is pointing to a non-existent resource (presumably because it thinks the '&cfs=1' is part of the file name). Is there a way at this point to strip-off the trailing characters and just serve the image? This will deprive whatever application is requesting the resource of the URL parameters, but at least it won't get an exception. I'm not sure if this is a better solution or not.

    Is there any way to determine where these requests are coming from? I can't find much information on the url variables I'm seeing but what little I did find seems to hint that it's coming from Facebook.

  4. #4
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You could probably strip that pretty easily with a url rewrite or something.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •