Home / server / Questions / 176712
In Process
jayrdub
Asked: 2010-09-01 14:14:02 +0800 CST

How to get IIS 7 to do "Request filtering" before request validation

  • 772

I want to use the Request Filtering feature in IIS 7.5 to filter out some malevolent requests we are getting from some bots. The requests are triggering "System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client" and I don't want to make a case in our application configuration for it. But adding rules to deny these requests in the Request Filtering feature don't do anything because apparently request validation happens first. Any idea on how to filter these bad requests using IIS before validation happens?

iis iis-7.5

1 Answers

  1. Based on my experience and using Failed Request Tracing, validation errors against Request.Path take place as soon as any .NET code runs. The Request Tracing module runs as early as the begin request pipeline.

    If you have a managed .NET module that is executing during the begin request event (sample below).

    using System;
using System.Web;

namespace Test
{
    public sealed class CustomModule : IHttpModule
    {
        public void Dispose()
        {
        }

        public void Init(HttpApplication context)
        {
            context.BeginRequest += context_BeginRequest;
        }

        void context_BeginRequest(object sender, EventArgs e)
        {
            // Main .NET Code Here
        }
    }
}

    Please ensure that this module runs after the Request Filtering Module.

    • Using the IIS Manager, click on Modules.
    • Click on View Ordered Lists
    • Ensure that any managed .NET module is placed after the RequestFilteringModule.

    This guarantees that the Request Filtering Module runs before any possible .NET code. Hopefully in this scenario, even if a request has an invalid Request.Path value, it should be picked up by the Request Filtering module prior to any visible error.

    • 0