We have a web application which has a search form, users are allowed to enter in some text and we limit the results based on what they enter. recently we started receiving the following error:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$results_search="...967.hcpm, <a href="http://www....").
This error is happening throughout the day, everyday, which seems to be coming from a bot, looking at the error seems like the bot is placing html ahref links into the search field and trying to search, resulting in the error.
After searching around I see there are two ways in which we can handle this, either use Jquery or turn validateRequest to false and then use htmlencode in the code behind page. Does anyone know if the jquery code will work on a bot? I’m not sure how the bot is doing this, if it’s hitting the page and clicking the button or sending a request some other way, as the button click is what causes the postback to trigger search, we use POST so nothing is send via url to the search page, the page just posts back to itself and on PostBack is when the search is done.
One solution we had was to record these errors against the IP and block access at the application level if they submit too many.
It’s not bomb proof but cut down the number we had. however it still involves engineering and processing but saves you having to faff with IIS.
However there’s really little you can do. They will spam your form and blocking the IP is only a short term solution, they will hit you from multiple IP etc. Just make sure your validation is tight and you’re not susceptible to things like injection attacks and ignore it, it’s a fact of life these days.
We regularly get hit like this, especially from places like China.