This is a migrated thread and some comments may be shown as answers.

Grid Filter does not work on live due to WAF

1 Answer 230 Views
Grid
This is a migrated thread and some comments may be shown as answers.
Kai
Top achievements
Rank 2
Kai asked on 09 Oct 2012, 01:25 PM
Dear all,
I have an asp.net webapp (4.0) using the RadGrid. It works as expected. But after deploying to live system, the filter does not work anymore. On our live system we have a Web Application Firewall (WAF) which checks for some security problems. One rule (set up by our Headquarter) is to deny values like semi-colon and "and" in the same line, e.g. a filter like " a; and b" results in a denial message from the WAF. As said, it's setup by Headquarter so I could not discuss that.
Now I have the problem that even a filter like "a and b" would not work. It's still denied for security reasons. I've checked the post and saw that "__EVENTARGUMENT" contained "FireCommand:ctl00$MainContent$MyGrid$ctl00;Filter;Subject|a and b|Contains". So here we have again semicolon and "and". Probably that's the reason for the denial.
Is there any way to get the semi-colons removed or replaced in the __EVENTARGUMENT?
Thanks!

1 Answer, 1 is accepted

Sort by
0
Antonio Stoilkov
Telerik team
answered on 12 Oct 2012, 08:20 AM
Hi Kai,

The semicolons and "and" are keywords and specific to the RadGrid filtering design. Unfortunately if you replace the __EVENTARGUMENT string the RadGrid will not be able to correctly filter the data on the server because it expects string that contains semicolon which uses to separate the different arguments. There is no available workaround for the experienced issue.

Regards,
Antonio Stoilkov
the Telerik team
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
Tags
Grid
Asked by
Kai
Top achievements
Rank 2
Answers by
Antonio Stoilkov
Telerik team
Share this question
or