Hey all,
I am having a difficult time figuring out the reason behind this error message in IIS.
There are a number of errors coming in, daily, reporting things such as the following:
- Type : System.Web.HttpRequestValidationException, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
- Message : A potentially dangerous Request.Form value was detected from the client (="....c{MK#I,T<K:qi fxSU62K!8[1]EOTo...").2
- Request IP: - ##.##.##.#
- Type : System.Web.HttpRequestValidationException, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
- Message : A potentially dangerous Request.Form value was detected from the client (="u<g2@���ʥν��������ܰߥ�...").
- Request IP: - ##.##.##.#
What is confusing is that request IP is assigned to the load balancer we are using to direct to our web servers. The error is only coming from our homepage, which has no input controls on it besides a search textarea. However, upon searching this error on Google and on this site, the errors usually contain the input that is throwing this error in .NET ("ctrl001_=".. etc.). The search input is escaped before any data is submitted to the server so we do not believe it is what is causing it.
We are noticing we get the error on our production server, with the request IP being the load balancer, on page load. The code has been checked, and I believe we are at a bit of a loss at the moment as to why there is always a long string of characters being requested.
It is not causing the page to not render for users, however it is alarming for us.
Would anyone have any ideas as to why our load balancer is attempting to send a string to our web servers?