Blog comment attacks blocked by ASP.NET's ValidateRequest feature

For several days now the logs for my blog are showing the ASP.NET error message “A potentially dangerous Request.Form value was detected from the client” which is ASP.NET’s way of preventing potentially harmful postbacks that are coming from the comment form used here on my blog. This is probably one of those features that people love to hate but in this case I think it’s quite effective. For more information see ValidateRequest.

One thought on “Blog comment attacks blocked by ASP.NET's ValidateRequest feature

  1. Of course, if you just cook all lesser and greater than signs into their ampersand equivalents, then there is zero problem and the system works as expected for everyone EXCEPT those trying to exploit the system. Which is, if I recall correctly, a option in asp.net, but I forget exactly where.

Comments are closed.