Unable to view or edit an item in the NS Console due to error: A potentially dangerous Request.Form value was detected from the client
search cancel

Unable to view or edit an item in the NS Console due to error: A potentially dangerous Request.Form value was detected from the client

book

Article ID: 164859

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

This issue was seen after an NS Upgrade to NS 8.0.  We had McAfee installed during the install which may have caused this issue. 

The error is seen when trying to Edit a Software Resource Rule or view Automation Policies, and possibly other locations.

HTTP Request failed:
/Altiris/PackageRuleManagement/EditRulePage.aspx?mode=edit&itemGuid=ea34f888-5b9b-4bb2-a8a4-f02b18fc3c7b
 
A potentially dangerous Request.Form value was detected from the client (ErrorPanel:ToXml="<panels/>
").
   [System.Web.HttpRequestValidationException @ System.Web]
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_HasForm()
   at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
   at System.Web.UI.Page.DeterminePostBackMode()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at Altiris.NS.UI.Controls.PageCachePage.ProcessRequest(HttpContext context)
   at Altiris.NS.UI.AltirisPage.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
Exception logged from:
   at Altiris.NS.UI.AltirisWebApplication.ReportApplicationError(System.Web.HttpContext)
   at Altiris.PackageRuleManagement.Global.Application_Error(Object, EventArgs)
   at EventHandler.Invoke(Object, EventArgs)
   at System.Web.HttpApplication.RaiseOnError()
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
 

Cause

Plausible cause is having AV enabled during Upgrade.

Resolution

Several web.config files need to be updated to include the validateRequest and requestValidationMode changes mentioned below.  Those web.config files are in the following folders:

TaskManagement\Web
SoftwareManagementSolution\Web
SoftwareManagement\Web
SoftwareManagement\Web\PackageRuleManagement

For other items, the main Web.Config will be near the location specified in the Error message, however there may be others as well that are similar.


In .NET 2.0, request validation only applied to aspx requests. In .NET 4.0 this was expanded to include all requests. You can revert to only performing XSS validation when processing .aspx by specifying:
requestValidationMode="2.0"
You can disable request validate entirely by specifying:
validateRequest="false"

Here is an example of where this information needs to go:
<configuration>
...
  <location path="MyFolder/.aspx">
    <system.web>
      <pages validateRequest="false" />
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>
...
</configuration>

 

 
Powered by Wolken Software