【发布时间】:2012-01-04 23:27:55
【问题描述】:
我的应用程序有问题,只有在部署到发布服务器后才会发生。我的应用程序在 Webresource.axd 上返回错误 System.Web.HttpException invalid request
客户端请求的 WebResource URL 示例:(忽略 ** 和 * 它们用于分隔部分 url)
WebResource.axd的?d = PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn ** GsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8 / UJAqTNm4oJAv2jypsOAvCjpoIOAsbK / 6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8 / UJAtyj + uUHAsfKz + cEArnNg + gEAqTN1 + UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6 / cJArnN0 + QEArnN560FArnN08QLAv2jzpgOAsbK5 / YJAqTN28ILAsbKo + AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6 / cJArnN7 / QJAqTN0 / 0JAsbKi7oKAqfNm4oJAv2j + uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5 / YJAqTNz + cEArnNm4oJAsbKt4cDAsTK5 / YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7 / QJArnNi9QCArnNy8wNAsTK + 8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo + AEArnNs7AKArnN0 / 0JAsfKo5oDAsbK / 8ENAsfK08QLAsbKk9ICAsbK0 + QEAr3Nl9MCAsbK3 + MEAsfK + 8ANAsbK + 8ANArnNg7wKAt3Km9ACArnN / 8YCArnN3 + MEArnNq5gDAvujpoIOArnNi7oKAsfK5 / YJArnNk9ICArnN / 8ENAqfNo5oDArnNz + cEArrN560FArnNr7UMAt3K5 / YJAsfK3 + MEAqTN / 6EDArrN / 6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26PmzggCpM3L5gQCpM2fiwkCp83 / oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3 / oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X + gkCuc3PzQ0C / aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC + qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC / aPmzggCpM23sQoCuc3DxwIC3KPmzggCh + rGqAgChKbr / G4 强> * keCbLSNH7D5G4o / WMirW0wCCoaA == P>
所以有两件事立刻打动了我:
- 程序集时间戳末尾缺少 &t=
- 加密网址中似乎通常找不到“/”和“+”
我在我这边运行应用程序当然一切正常...但我注意到在我的源文件中,我在客户端错误中看到的部分内容可以在我的 html 中找到:
<script src="/WebResource.axd?d=**PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn**NUlSwWXFIxNUWR37nSX-uEeFiuIaj75QpNoWiMNuwvLvtF14FC7RJnWXlWsiRGRTxygC60zWpEKm8nsH2W5C_3w9fBgmsUvMtxxfwjQB23ipcHaCWFd_wvS5QWc5bgmPzUpNNF-gwwdthk8-NKZOJKbUxQg2&amp;t=634601510084481499" type="text/javascript"></script>
<!-- SOME MORE CODE -->
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEW5wECuIuguQEC3LnYqw4C+MDh9AEClczxhwICjKHu/A4CovL+qwgC5oaBuAgCip7jrAkC2OrW4wICkIaEvAsC5e+IZQLOjIDvBwLqgKKLDALrgKKLDALogKKLDALpgKKLDALugKKLDALvgKKLDALsgKKLDAL9gKKLDALygKKLDALqgOKIDALqgO6IDALqgOqIDALqgNaIDALqgNKIDALqgN6IDALqgNqIDALqgMaIDALqgIKLDALqgI6LDALj6ePBAQLj6ePBAQLzhoWsDQLzhoGsDQLzhr2sDQLzhrmsDQLzhrWsDQLzhrGsDQLzhq2sDQLzhumvDQLzhuWvDQLshomsDQLshoWsDQLshoGsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8/UJAqTNm4oJAv2jypsOAvCjpoIOAsbK/6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8/UJAtyj+uUHAsfKz+cEArnNg+gEAqTN1+UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6/cJArnN0+QEArnN560FArnN08QLAv2jzpgOAsbK5/YJAqTN28ILAsbKo+AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6/cJArnN7/QJAqTN0/0JAsbKi7oKAqfNm4oJAv2j+uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5/YJAqTNz+cEArnNm4oJAsbKt4cDAsTK5/YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7/QJArnNi9QCArnNy8wNAsTK+8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo+AEArnNs7AKArnN0/0JAsfKo5oDAsbK/8ENAsfK08QLAsbKk9ICAsbK0+QEAr3Nl9MCAsbK3+MEAsfK+8ANAsbK+8ANArnNg7wKAt3Km9ACArnN/8YCArnN3+MEArnNq5gDAvujpoIOArnNi7oKAsfK5/YJArnNk9ICArnN/8ENAqfNo5oDArnNz+cEArrN560FArnNr7UMAt3K5/YJAsfK3+MEAqTN/6EDArrN/6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26PmzggCpM3L5gQCpM2fiwkCp83/oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3/oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X+gkCuc3PzQ0C/aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC+qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC/aPmzggCpM23sQoCuc3DxwIC3KPmzggCh+rGqAgChKbr/g4ClPD6xgsCr/L07wkC7tqwgwUCtL2fYQLw0+rVBQKSg7DZBwL3teCNBAL3tZyNBAL3tYiNBALHpriBCAKahuPBAV+BOBC5oXM0AZHQT+bmVMUgNw6K" />
注意“错误 URL”的第一部分:
PLZ1f5srE_3_5bqe5SNJORbrjr9bvaTarv3MMKJi1fn
可以在我的 HTML 的 script 标签中找到 以及错误 URL 的第二部分:
GsDQLshr2sDQLshrmsDQLshrWsDQLshrGsDQLshq2sDQLshumvDQL72ZKbBQK5zYfpBAK5zZuMAwLEytPECwLbo5IqArrNo5oDAsbKp5sDAsbK66oFArnN28ILArnNj9UCAsfK8 / UJAqTNm4oJAv2jypsOAvCjpoIOAsbK / 6EDArnN254FAsbKh70KAqTNg7wKAqTNw84NAsTKm9ACAsbK8 / UJAtyj + uUHAsfKz + cEArnNg + gEAqTN1 + UEArnNv78KAsfK560FArrNg7wKArnNr5kDAqTNr5kDAsbKo5oDAsfKm9ACAv2jpoIOAsfK6 / cJArnN0 + QEArnN560FArnN08QLAv2jzpgOAsbK5 / YJAqTN28ILAsbKo + AEAqTNk9ICArnN350DAsbKm9ACAsbK44kJAqfNn4sJArnNs4YDArnN76sFArjNl9MCAsbK6 / cJArnN7 / QJAqTN0 / 0JAsbKi7oKAqfNm4oJAv2j + uUHAsfKi7oKArnN44kJArnNu74KAsbKi9QCArnN5 / YJAqTNz + cEArnNm4oJAsbKt4cDAsTK5 / YJArnNh70KArnNp8ELArnNt4cDArnNn9ECAtrKm9ACAsbKj9UCArnNn4sJAsbK7 / QJArnNi9QCArnNy8wNAsTK + 8ANAsbKs4YDAqTNi9QCAsfKk9ICArnNl9MCAvqjpoIOArnNo + AEArnNs7AKArnN0 / 0JAsfKo5oDAsbK / 8ENAsfK08QLAsbKk9ICAsbK0 + QEAr3Nl9MCAsbK3 + MEAsfK + 8ANAsbK + 8ANArnNg7wKAt3Km9ACArnN / 8YCArnN3 + MEArnNq5gDAvujpoIOArnNi7oKAsfK5 / YJArnNk9ICArnN / 8ENAqfNo5oDArnNz + cEArrN560FArnNr7UMAt3K5 / YJAsfK3 + MEAqTN / 6EDArrN / 6EDAtyjkioCp83nrQUCxMqLugoCuc3Dzg0CpM3TxAsCp82DvAoCxsqf0QICvc3nrQUC26P mzggCpM3L5gQCpM2fiwkCp83 / oQMCpM2jmgMCuc23sQoCuc2H1wICxMrr9wkCuc3rowoCuc3r9wkCus2X0wICp82X0wICuc3z9QkCuc2jmgMCuc37lgUCx8qHvQoCp83P5wQCuc3voAoCuc2b0AICxsrTxAsCxMqjmgMCpM2X0wIC3crr9wkCus23sQoCxsrP5wQCxsrnrQUC26P65QcCuc37wA0Cuc3 / oQMCpM37wA0Cp823sQoCuc2XjwMCuc3rqgUCpM3nrQUCuc3X + gkCuc3PzQ0C / aOGig4Cuc2HyQsCxsq7vgoCuc3X5QQC + qPKmw4Cuc2nmwMCuc3L5gQCuc2zsgwCxsq3sQoC / aPmzggCpM23sQoCuc3DxwIC3KPmzggCh + rGqAgChKbr / G4 P>
可以在我的html的输入标签中找到。
所以无论如何,我猜客户端收到的 html 代码已损坏/被切断,我不知道或与另一个请求混淆。也可能是生产在 iis 6 上,而开发在 iis 7 上。生产服务器也使用 SSL,所以不确定这是否会干扰。会不会是我代码中的 Server.Transfer?
谁能帮我解决这个问题?
非常感谢!
【问题讨论】:
-
WebResouce.axd 有什么用?我假设您没有自己添加唯一标识符(如果您这样做,这将是一个明显的问题)。
-
所有这些 base64 文本使您的问题难以阅读,并且没有添加任何有用的信息。
-
只是猜测,是否在生产服务器上安装了 IIS urlscan?