This is a migrated thread and some comments may be shown as answers.

Absolute Uri Telerik.Web.UI.WebResource.axd

1 Answer 249 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Kjell
Top achievements
Rank 1
Kjell asked on 18 Apr 2020, 01:54 PM

What is it that generates these URLs, and how do I prevent it?

https://sleddogsport.net/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=RadScriptManager1_TSM&compress=1%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20MlUT&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2C%20Version%3d4.0.0.0%2C%20Culture%3dneutral%2C%20PublicKeyToken%3d31bf3856ad364e35%3Aen-US%3Ab7585254-495e-4311-9545-1f910247aca5%3Aea597d4b%3Ab25378d2%3bTelerik.Web.UI%2C%20Version%3d2019.3.1023.45%2C%20Culture%3dneutral%2C%20PublicKeyToken%3d121fae78165ba3d4%3Aen-US%3A31c1007e-e7fa-44f7-ae68-66127a1ad6ab%3A16e4e7cd%3A33715776%3Af7645509%3A24ee1bba%3Ac128760b%3A88144a7a%3A1e771326%3Aeaae47ab

1 Answer, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 21 Apr 2020, 09:13 AM | edited on 08 Apr 2022, 08:14 AM

Hello,

The Telerik.Web.UI.WebResource.axd handlers are used to import the resources files (CSS and JavaScript) of the Telerik UI for ASP.NET AJAX controls in the page, e..g

If you do not want to have Telerik.Web.UI.WebResource.axd handlers, my advice is to:

Enable the CDNs Telerik provides (for scripts and skins) so WebResources are used as rarely as possible (only some dialogs, the binary image, and file uploads will keep using web resources):

inline

<telerik:RadStyleSheetManager ID="RadStyleSheetManager1" runat="server">
    <CdnSettings TelerikCdn="Enabled" />
</telerik:RadStyleSheetManager>
<telerik:RadScriptManager ID="RadScriptManager1" runat="server"    
    CdnSettings-TelerikCdn="Enabled">
</telerik:RadScriptManager>


or in the web.config

<appsettings>   
    <add key="Telerik.ScriptManager.TelerikCdn" value="Enabled" />   
    <add key="Telerik.StyleSheetManager.TelerikCdn" value="Enabled" />
</appsettings>

An optional step after testing the above point is to enable the MS AJAX CDN by setting EnableCdn="true" inside the asp:ScriptManager or telerik:RadScriptManager declaration.

Regards,
Rumen
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
VeriFone
Top achievements
Rank 1
commented on 08 Apr 2022, 05:37 AM

We are also facing similar issue. Tried all these but could not fix this issue.  Please advise what is the fix for this? 

Is it required to upgrade the latest Telerik jquery version to 3.6.0? 

Rumen
Telerik team
commented on 08 Apr 2022, 08:29 AM

Hi VeriFone, 

I noticed that you have posted the question in the following forum thread Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ScriptManager1_TSM as well as in your support ticket #1560877 - Telerik.Web.UI.WebResource.axd?_TSM_HiddenField

Do the answers provided by my colleagues Vessy and Attila were helpful?

The jQuery version embedded in the suite is a custom one with applied all security fixes issued by the jQuery developers, but if you want you can configure the controls to use an external version of jQuery.

If they are trying DoS,  you can tighten the security of the server by applying the recommendations at Using Dynamic IP Restrictions. Please also check whether the IP address of the hacker is from your network or from outside.

 

 

 

Tags
General Discussions
Asked by
Kjell
Top achievements
Rank 1
Answers by
Rumen
Telerik team
Share this question
or