Security vunerability blocked by proxy

3 posts, 0 answers
  1. Georgi Tunev
    Georgi Tunev avatar
    7207 posts

    Posted 18 Oct 2010 Link to this post

    Hello Aaron,

    Basically, Telerik.Web.UI.WebResource.axd is the HTTP web resource handler some of RadControls use to fetch scripts, styles and sprite images. Unfortunately, ASP.NET resource handlers are not very much venerated by web security products, as they are often treated as a web security vulnerability. Part of the suspicious behavior of the script resource handlers is that there is no physical file named WebResource.axd (or ScriptResource.axd for standard ASP.NET ScriptManager) present in the web site root.

    Try creating an empty WebResource.axd file and see if you are getting the same warnings.

    Georgi Tunev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  2. Aaron
    Aaron avatar
    22 posts
    Member since:
    Nov 2008

    Posted 15 Nov 2010 Link to this post

    Basically the security firewall was identifying the Telerik WebResource as a potential threat.
    Rather than changing our code we were able to get security to whitelist Telerik resources, as our department has already marked Telerik as approved software.

Back to Top