Article Content
Article Number | 000037597 |
Applies To | RSA Product Set: Archer RSA Version/Condition: 6.x |
Issue | When looking at the Archer W3WP logs you see the following error: <TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"> <TraceIdentifier>Archer.Web</TraceIdentifier> <LogReferenceId>021519-071244-0597</LogReferenceId> <Description>A potentially dangerous Request.QueryString value was detected from the client(=""><script>alert(docume...").</Description> <AppDomain>/LM/W3SVC/2/ROOT-1-131946093110873830</AppDomain> <Exception> <ExceptionType>System.Web.HttpRequestValidationException, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</ExceptionType> <Message>A potentially dangerous Request.QueryString value was detected from the client (=""><script>alert(docume...").</Message> <Source>System.Web</Source> <StackTrace> at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpValueCollection.EnsureKeyValidated(String key) at System.Web.HttpValueCollection.GetValues(Int32 index) at System.Web.HttpValueCollection.ToString(Boolean urlencoded, IDictionary excludeKeys) at DevExpress.Web.BinaryStorageSubscriber.RequestRecipient(HttpRequest request, RequestEvent requestEvent) at DevExpress.Web.ASPxHttpHandlerModule.ProcessRequestCore(RequestEvent requestEvent) at DevExpress.Web.ASPxHttpHandlerModule.BeginRequestHandler(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)</StackTrace> |
Cause | These are IIS request validation errors, probably caused by special characters in a URL. |
Resolution | You should be able to prevent the errors by making the following change in IIS Manager:
The article from Microsoft describes the RequestValidationMode parameter and the settings for it. |