After updating our systems with the recently released asp.net vulnerability patch ms11-100, we found that some of our pages started failing with the exception "[HttpException (0x80004005): The URL-encoded form data is not valid.]" This is covered in the asp.net forums here:

在使用最近发布的asp.net漏洞补丁ms11-100更新我们的系统后,我们发现我们的一些页面开始失败,异常为“[HttpException(0x80004005):URL编码的表单数据无效。”这是在这里的asp.net论坛中介绍:

http://forums.asp.net/t/1754512.aspx/1?Microsoft+security+bulletin+MS11+100+breaking+our+site

and on * here:

在这里的*:

ASP.NET MS11-100: how can I change the limit on the maximum number of posted form values?

ASP.NET MS11-100:如何更改已发布表单值的最大数量限制?

What I tried to attempt is to limit the changes suggested thereby the attack area to the specific page by moving that page to it's own folder, so that I can have a specific web.config in that folder with the setting of aspnet:MaxHttpCollectionKeys having a value larger than the default of 1000.

我试图尝试通过将该页面移动到它自己的文件夹来限制攻击区域建议的更改到特定页面,这样我就可以在该文件夹中设置一个特定的web.config,其设置为aspnet:MaxHttpCollectionKeys值大于默认值1000。

I found that unless I specify this setting in the web.config in the root folder, this setting did not take effect. It seemed like asp.net just ignored the setting when it was in the web.config in the new folder for the page.

我发现除非我在根文件夹中的web.config中指定此设置,否则此设置不会生效。看起来asp.net只是忽略了它在页面的新文件夹中的web.config中的设置。

Is there something else I need to do to make this happen? Or is it not possible at all because of the nature of the setting?

我还需要做些什么来实现这个目标吗?或者根本不可能因为环境的性质?

2 个解决方案

#1

---

#2

---