Hi,
We have a problem and strongly suspicious about telerik components about this request.
Our firewall and .net seem the below url as dangerous because of first & sign. We checked our scripts and codes which has a potential to generate such a url, but we couldn't find.
http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
Can you please check that your components may generate such a request url ?
We are getting first exception and then the second one, even we cannot find any strong relationship between them, they seems sequentially...
Telerik.Web.UI version : 2012.1.411.40
Telerik.Web.UI.Skins version : 2012.1.411.40
Telerik.Web.Design version : 2012.1.411.40
Thank you,
dogu
First exception:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 06.05.2014 08:48:24
Event time (UTC): 06.05.2014 05:48:24
Event ID: e2f92e7b72fb4fedbeacc2af4c66ffc3
Event sequence: 5897
Event occurrence: 4
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-130438116095242020
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\
Machine name: xxx
Process information:
Process ID: 9652
Process name: w3wp.exe
Account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Exception information:
Exception type: HttpException
Exception message: A potentially dangerous Request.Path value was detected from the client (&).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Request information:
Request URL: http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
Request path: /$$$&?&?$$$
User host address: 1.2.3.4
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Thread information:
Thread ID: 148
Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Second Exception:
System.NullReferenceException: Object reference not set to an instance of an object.
at Telerik.Web.UI.RadCompression.GetCompressionSettingAttribute()
at Telerik.Web.UI.RadCompression.ShouldApplyOnPostback()
at Telerik.Web.UI.RadCompression.ShouldExplicitlyAddContentEncoding()
at Telerik.Web.UI.RadCompression.application_EndRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
We have a problem and strongly suspicious about telerik components about this request.
Our firewall and .net seem the below url as dangerous because of first & sign. We checked our scripts and codes which has a potential to generate such a url, but we couldn't find.
http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
Can you please check that your components may generate such a request url ?
We are getting first exception and then the second one, even we cannot find any strong relationship between them, they seems sequentially...
Telerik.Web.UI version : 2012.1.411.40
Telerik.Web.UI.Skins version : 2012.1.411.40
Telerik.Web.Design version : 2012.1.411.40
Thank you,
dogu
First exception:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 06.05.2014 08:48:24
Event time (UTC): 06.05.2014 05:48:24
Event ID: e2f92e7b72fb4fedbeacc2af4c66ffc3
Event sequence: 5897
Event occurrence: 4
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-130438116095242020
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\
Machine name: xxx
Process information:
Process ID: 9652
Process name: w3wp.exe
Account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Exception information:
Exception type: HttpException
Exception message: A potentially dangerous Request.Path value was detected from the client (&).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Request information:
Request URL: http://xxx/$$$&?&?$$$?cmd=get_file&arg=block_style.css&sid=2721D35AB490C1FAA14DC203E330729AE1AD88B7
Request path: /$$$&?&?$$$
User host address: 1.2.3.4
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Thread information:
Thread ID: 148
Thread account name: IIS APPPOOL\ASP.NET v4.0 DefaultAppPool
Is impersonating: False
Stack trace: at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Second Exception:
System.NullReferenceException: Object reference not set to an instance of an object.
at Telerik.Web.UI.RadCompression.GetCompressionSettingAttribute()
at Telerik.Web.UI.RadCompression.ShouldApplyOnPostback()
at Telerik.Web.UI.RadCompression.ShouldExplicitlyAddContentEncoding()
at Telerik.Web.UI.RadCompression.application_EndRequest(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)