Re: A potentially dangerous querystring ... [ValidateRequest]
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 04/17/04
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Logon API on Windows 2000 with ASP.NET 1.1"
- Previous message: Boris: "Re: A potentially dangerous querystring ... [ValidateRequest]"
- In reply to: Boris: "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 18 Apr 2004 00:33:23 +1000
I believe that mappings can be set on a Web Application by Web Application
basis.
In IIS Manager, you will need to goto Web App Properties -> Directory -> App
Configuration Button -> Mappings tab. Map the ASP.NET extensions (e.g.
.aspx) to the appropriate aspnet_isapi.dll
So, even if you change one web app to use 1.0, the others can still use 1.1
(I think they can - maybe the can't, but you coudl try it).
Cheers
Ken
"Boris" <benboris78@yahoo.com> wrote in message
news:c007e638.0404170455.279a6b66@posting.google.com...
: Hi Scott, Ken,
: thanks for the replies.
:
: i think modifying the machine.config is not possible since it may
: affect other web app on the production box.
:
: In fact same reason applies to Ken also. I can change the settings in
: IIS to make it point to 1.0 again, but this will affect other Web app.
:
: phew...What a change from 1.0 to 1.1!!!!
:
: It is always good to fill in Security holes, but this i feel is a
: over-restiction. At least for 1.0 web application, there must be a
: better way to easily come thru this change...
:
: Any other suggestions are most welcome.
:
: Thanks again
: Ben
:
:
: "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:<OnwY6t6IEHA.520@tk2msftngp13.phx.gbl>...
: > Alternatively, is there any way to get the server running v1.1 to go
back
: > to running v1.0 (I suppose, talk to your administrator) until the server
: > running v1.0 can be upgraded to v1.1?
: >
: > Cheers
: > Ken
: >
: > "Scott Mitchell [MVP]" <mitchell@4guysfromrolla.com> wrote in message
: > news:ZlJfc.37370$XV2.11734@newssvr29.news.prodigy.com...
: > : > So to wrap my problem....Is there any way to include
: > : > "validateRequest=false" in web.config, but still allow 1.0 to
compile
: > : > correctly?
: > :
: > : Ben, I've not tries this, but I believe it will work (although it may
: > : not have the exact effect you're after). You could tweak the
: > : machine.config for 1.1 to include the validateRequest=false.
Therefore,
: > : you wouldn't have to fiddle with the Web.config.
: > :
: > : Of course the issue here is two-fold:
: > :
: > : (1) You must have access to the Web server's machine.config
: > : (2) You will be affecting the default validateRequest setting for ALL
: > : Web sites using ASP.NET 1.1 on the box
: > :
: > : But, for your situation, it might be of use. Hope this helps.
: > :
: > : --
: > :
: > : Scott Mitchell
: > : mitchell@4guysfromrolla.com
: > : http://www.4GuysFromRolla.com
: > : http://www.ASPFAQs.com
: > : http://www.ASPMessageboard.com
: > :
: > : * When you think ASP, think 4GuysFromRolla.com!
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Logon API on Windows 2000 with ASP.NET 1.1"
- Previous message: Boris: "Re: A potentially dangerous querystring ... [ValidateRequest]"
- In reply to: Boris: "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: A potentially dangerous querystring ... [ValidateRequest]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
