Question
I have a live site where every error is logged and e-mailed to me.
I've been getting a lot of "Padding is invalid and cannot be removed." errors on requests to WebResource.axd. Looking closely, the request is erroneous.
This is the request in question:
/webresource.axd?d=mgqvdy8omlq71j1set2ida2&t=633700045603820000
And this is how it should look:
/WebResource.axd?d=MgQvdy8OmLQ71j1SET2IdA2&amp;t=633700045603820000
Notice the lack of capitalization and, more importantly, the lack of "amp;" after "&".
The user agent is this:
UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
What could this be?
Could a real, actual user be getting errors because of this?
Is this something that IE could actually be doing wrong?
Or is this just a badly written bot?
This happens every now and then; it definitely doesn't happen to all our users, or even to all our IE users.
UPDATE: I'm also getting a lot of "Invalid character in a Base-64 string." when forms are posted, also only from IE 6.0, so I'm guessing they're related.
Thanks for your help!
Daniel
Answer 1:
We were seeing similar errors with ScriptResource.axd and Invalid Viewstate exceptions. Eventually I found this post:
- Error : /ScriptResource.axd : Invalid viewstate.
Which indicated a bug in IE (and possibly other browsers) where an invalid DOCTYPE of XHTML causes the browser to make an incorrect request to ScriptResource.axd. We solved the problem by changing the XHTML DOCTYPE to the HTML5 doctype and removing the xmlns attribute from the html tag. Our pages were not XHTML compliant anyway.
From:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
To:
<!DOCTYPE html>
<html>
Answer 2:
Just guessing here, but I had a similar problem with special characters being removed/substituted when I used IIS 7 to run some sites. Turned out to be IIS's "security feature" - its rules are in "urlscan.ini". Maybe this will help.
Answer 3:
If you've already set a fixed MachineKey in your web.config, then this issue is most likely proxies messing up the requests. We get it with some of our IE6 users as well, and I've also seen where proxies turn & into & in the querystring (which is incorrect).
Answer 4:
As this is semi-random, the second option in this blog post may help.
Answer 5:
Since the URL appears to be manipulated, it looks like it is a bug in a proxy software. Maybe you can find patterns in the requesting IP Ranges to identify certain proxies or ISPs.
However, that does not really explain the constant IE6 UserAgent (unless the proxy screws that up too). It could be one of the many IE bugs (e.g. gzip issues, Missing 4k Bug, etc.) but those usually break much more than just lowercasing a URL and removing one character. You could temporarily turn off gzip to see if it has any effect.
Here is a question with similar symptoms and my answer includes links to some of the IE bugs.
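The grouping by requesting IP range that Answer 5 suggests, as an added example that is not part of any answer on this page. It assumes a constructed tab-separated log (client IP, request URI, user agent) and assumes the `d` token is URL-safe Base64 with a trailing pad-count digit; all function names are hypothetical. It also shows why a case-folded token cannot decrypt: Base64 is case-sensitive, so the lowercased token decodes to different bytes.

```python
import base64
from collections import Counter
from ipaddress import ip_network
from urllib.parse import urlsplit, parse_qs

HANDLERS = ("/webresource.axd", "/scriptresource.axd")

# Constructed sample (not real traffic): client IP, request URI, user agent.
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
SAMPLE_LOG = "\n".join([
    "203.0.113.10\t/WebResource.axd?d=MgQvdy8OmLQ71j1SET2IdA2&t=633700045603820000\tMozilla/5.0",
    "198.51.100.7\t/webresource.axd?d=mgqvdy8omlq71j1set2ida2&t=633700045603820000\t" + IE6,
    "198.51.100.99\t/webresource.axd?d=mgqvdy8omlq71j1set2ida2&t=633700045603820000\t" + IE6,
    "192.0.2.44\t/default.aspx?d=abcdefghij\t" + IE6,
])

def url_token_decode(token):
    """Decode a token assumed to be URL-safe Base64 plus a trailing pad-count digit."""
    body, pad = token[:-1], int(token[-1])
    return base64.urlsafe_b64decode(body + "=" * pad)

def looks_lowercased(token):
    """True when a token has plenty of letters but not a single uppercase one."""
    letters = [c for c in token if c.isalpha()]
    return len(letters) >= 8 and not any(c.isupper() for c in letters)

def summarize(log_text):
    """Count case-folded resource-handler requests per (client /24, user agent)."""
    counts = Counter()
    for line in log_text.splitlines():
        ip, uri, ua = line.split("\t")
        parts = urlsplit(uri)
        if parts.path.lower() not in HANDLERS:
            continue  # only the .axd resource handlers are of interest here
        token = parse_qs(parts.query).get("d", [""])[0]
        if looks_lowercased(token):
            counts[(str(ip_network(ip + "/24", strict=False)), ua)] += 1
    return counts

if __name__ == "__main__":
    good = url_token_decode("MgQvdy8OmLQ71j1SET2IdA2")
    bad = url_token_decode("mgqvdy8omlq71j1set2ida2")
    # Same length, different bytes: the server decrypts garbage and padding fails.
    print(len(good), len(bad), good == bad)
    for (net, ua), n in summarize(SAMPLE_LOG).most_common():
        print(n, net, ua)
```

If the affected requests cluster in a few networks, an intermediary is the likelier cause; an even spread across networks with one user agent points at the browser.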
Answer 6:
You could try setting a fixed machineKey in your web.config file. For this you can use a machineKey generator or generate your own:
<system.web>
<machineKey
validationKey='SOME KEY'
decryptionKey='OTHER KEY'
validation='SHA1'/>
</system.web>
Answer 7:
You could check:
- doctype (does it match the data you're sending? IE6 is picky)
- character set
Source: https://stackoverflow.com/questions/1523546/asp-net-ie6-making-invalid-requests