000037597 - A potentially dangerous Request.QueryString value was detected from the client in RSA Archer 6.x

Document created by RSA Customer Support Employee on Jul 2, 2019. Last modified by RSA Customer Support Employee on Jul 2, 2019.
Version 2

Article Content

Article Number: 000037597
Applies To: RSA Product Set: Archer
RSA Version/Condition: 6.x
 
Issue: When looking at the Archer W3WP logs, you see the following error:
 
<TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
                                <TraceIdentifier>Archer.Web</TraceIdentifier>
                               <LogReferenceId>021519-071244-0597</LogReferenceId>
                               <Description>A potentially dangerous Request.QueryString value was detected from the client(=""&gt;&lt;script&gt;alert(docume...").</Description>
                               <AppDomain>/LM/W3SVC/2/ROOT-1-131946093110873830</AppDomain>
                              <Exception>
                                     <ExceptionType>System.Web.HttpRequestValidationException, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</ExceptionType>
                                     <Message>A potentially dangerous Request.QueryString value was detected from the client (=""&gt;&lt;script&gt;alert(docume...").</Message>
                                     <Source>System.Web</Source>
                                    <StackTrace>


at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
at System.Web.HttpValueCollection.EnsureKeyValidated(String key)
at System.Web.HttpValueCollection.GetValues(Int32 index)
at System.Web.HttpValueCollection.ToString(Boolean urlencoded, IDictionary excludeKeys)
at DevExpress.Web.BinaryStorageSubscriber.RequestRecipient(HttpRequest request, RequestEvent requestEvent)
at DevExpress.Web.ASPxHttpHandlerModule.ProcessRequestCore(RequestEvent requestEvent)
at DevExpress.Web.ASPxHttpHandlerModule.BeginRequestHandler(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&amp; completedSynchronously)</StackTrace>
Cause: These are IIS request validation errors, probably caused by special characters in a URL.
Resolution: You should be able to prevent the errors by making the following change in IIS Manager:
  1. Select the website used to host Archer.
  2. Click the configuration editor icon in the center panel.
  3. Navigate to the System.web/httpRuntime section.
  4. Find the RequestValidationMode parameter. Enter the value 2.0.


The article from Microsoft describes the RequestValidationMode parameter and the settings for it.
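
Setting RequestValidationMode to 2.0 limits ASP.NET request validation to page requests, so it is worth checking which values are being rejected before making the change. The following Python script is an added example, not part of the RSA article or of Archer: it assumes the W3WP log is a run of complete TraceRecord fragments like the one shown above, and the sample records and the `triage` helper are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"}
# ASP.NET reports the rejected item as (key="value..."), truncating long values.
MSG = re.compile(r'Request\.(\w+) value was detected from the client\s*\((.*?)="(.*)"\)', re.S)
# Hints of markup or script injection, as opposed to a stray special character.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript:|\bon\w+\s*=", re.I)

# Constructed sample: two complete records modelled on the one in this article.
SAMPLE = '''
<TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
  <LogReferenceId>REF-0001</LogReferenceId>
  <Exception>
    <ExceptionType>System.Web.HttpRequestValidationException, System.Web</ExceptionType>
    <Message>A potentially dangerous Request.QueryString value was detected from the client (=""&gt;&lt;script&gt;alert(docume...").</Message>
  </Exception>
</TraceRecord>
<TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
  <LogReferenceId>REF-0002</LogReferenceId>
  <Exception>
    <ExceptionType>System.Web.HttpRequestValidationException, System.Web</ExceptionType>
    <Message>A potentially dangerous Request.QueryString value was detected from the client (filter="R&amp;#D").</Message>
  </Exception>
</TraceRecord>
'''


def triage(log_text):
    """Return one dict per request-validation error found in the log text."""
    # Assumption: the log is a run of <TraceRecord> fragments with no root element.
    root = ET.fromstring("<root>" + log_text + "</root>")
    findings = []
    for rec in root.findall("t:TraceRecord", NS):
        etype = rec.findtext("t:Exception/t:ExceptionType", "", NS)
        m = MSG.search(rec.findtext("t:Exception/t:Message", "", NS))
        if "HttpRequestValidationException" not in etype or not m:
            continue
        collection, key, value = m.groups()
        findings.append({"ref": rec.findtext("t:LogReferenceId", "", NS),
                         "collection": collection, "key": key, "value": value,
                         "markup": bool(MARKUP.search(value))})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        verdict = "review as injection attempt" if f["markup"] else "likely stray character"
        print(f["ref"], f["collection"], repr(f["key"]), repr(f["value"]), verdict)
```

Records flagged with `markup` set, such as the `<script>` value in the logged error, point to probing of the site rather than ordinary special characters in a URL.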
