After investigating this some more, the real issue I'm seeing is that when requesting a path that contains a colon (:) or star (*) such as "www.example.com/abcd:" then Mono is displaying a full stacktrace and version information despite having <customErrors mode="RemoteOnly"/> set in the Web.config. When I reproduce with Microsoft .Net it displays the usual generic error with no version information as you'd expect.

Can anyone else confirm this is an issue or suggest a workaround?

Thanks,
James

On 29/06/2011 11:35, James Wright wrote:
> Further to this, it seems the stacktrace for this error is available
> to remote users, shouldn't that only be visible to local only?
>
>
> Thanks,
> James
>
> On 29/06/2011 11:18, James Wright wrote:
>> Hi,
>>
>> I am running Mono 2.10.2 (installed from the current RPMs) and an
>> ASP.NET 4.0 MVC 2 web app. I have a few exceptions in my Apache error
>> log as a result of some recent vulnerability scans against my web
>> server. The HTTP response code returned is a 500, with a stacktrace
>> dumped in the error log. However when I test the same invalid path on my
>> windows dev machine (running the Microsoft .NET framework) I get a 400 -
>> Not Found which is what I'd expect. Here is a snippet from my web server
>> log;
>>
>> error_log:
>> System.Web.HttpException: '/w00tw00t.at.blackhats.romanian.anti-sec:)'
>> is not a valid virtual path.
>>   at System.Web.HttpRequest.MapPath (System.String virtualPath,
>> System.String baseVirtualDir, Boolean allowCrossAppMapping) [0x00000] in
>> <filename unknown>:0
>>   at System.Web.HttpRequest.MapPath (System.String virtualPath)
>> [0x00000] in<filename unknown>:0
>>   at System.Web.Configuration.WebConfigurationManager.MapPath
>> (System.Web.HttpRequest req, System.String virtualPath) [0x00000] in
>> <filename unknown>:0
>>   at System.Web.Configuration.WebConfigurationManager.FindWebConfig
>> (System.String path, System.Boolean& inAnotherApp) [0x00000] in
>> <filename unknown>:0
>>   at
>> System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration
>> (System.String path, System.String site, System.String locationSubPath,
>> System.String server, System.String userName, System.String password,
>> Boolean fweb) [0x00000] in<filename unknown>:0
>>   at System.Web.Configuration.WebConfigurationManager.GetSection
>> (System.String sectionName, System.String path, System.Web.HttpContext
>> context) [0x00000] in<filename unknown>:0
>>   at System.Web.Configuration.WebConfigurationManager.GetSection
>> (System.String sectionName) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.BaseApplicationHost.LocateHandler (System.String
>> verb, System.String uri) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.BaseApplicationHost.IsHttpHandler (System.String
>> verb, System.String uri) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.Paths.VirtualPathExists (IApplicationHost appHost,
>> System.String verb, System.String uri) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.Paths.GetPathsFromUri (IApplicationHost appHost,
>> System.String verb, System.String uri, System.String& realUri,
>> System.String& pathInfo) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.ModMonoWorkerRequest.GetRequestData () [0x00000] in
>> <filename unknown>:0
>>   at Mono.WebServer.MonoWorkerRequest.ReadRequestData () [0x00000] in
>> <filename unknown>:0
>>   at Mono.WebServer.BaseApplicationHost.ProcessRequest
>> (Mono.WebServer.MonoWorkerRequest mwr) [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.ModMonoApplicationHost.ProcessRequest (Int32 reqId,
>> System.String verb, System.String queryString, System.String path,
>> System.String protocol, System.String localAddress, Int32 serverPort,
>> System.String remoteAddress, Int32 remotePort, System.String remoteName,
>> System.String[] headers, System.String[] headerValues, System.Object
>> worker) [0x00000] in<filename unknown>:0
>>   at (wrapper remoting-invoke-with-check)
>> Mono.WebServer.ModMonoApplicationHost:ProcessRequest
>> (int,string,string,string,string,string,int,string,int,string,string[],string[],object)
>>   at Mono.WebServer.ModMonoWorker.InnerRun (System.Object state)
>> [0x00000] in<filename unknown>:0
>>   at Mono.WebServer.ModMonoWorker.Run (System.Object state) [0x00000]
>> in<filename unknown>:0
>>
>> [error] (70014)End of file found: read_data failed
>> [error] Command stream corrupted, last command was 1
>>
>>
>> Thanks,
>> James

_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
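
A regression check for the disclosure described in this thread, added here as an example and not part of the original messages: it scans captured response bodies for exception names and Mono-style stack frames of the kind shown in the error log above. The function names and the two sample response bodies are constructed for illustration.

```python
import html
import re

# A fully qualified exception name followed by a colon, e.g. "System.Web.HttpException:".
EXC_RE = re.compile(r"\b([A-Za-z_]\w*(?:\.\w+)+Exception):")
# A stack frame as printed in the log above: "at Namespace.Type.Method (".
# Requiring a dotted name keeps ordinary prose such as "at least (" from matching.
FRAME_RE = re.compile(r"(?:^|>)\s*at\s+([A-Za-z_]\w*(?:[.:`+]+\w+)+)\s*\(", re.M)

def inspect_body(body):
    """Return the exception type and stack-frame methods found in a response body."""
    text = html.unescape(body)  # error pages HTML-encode "<filename unknown>"
    exc = EXC_RE.search(text)
    return {"exception": exc.group(1) if exc else None,
            "frames": FRAME_RE.findall(text)}

def leaking_paths(responses):
    """responses: iterable of (path, status, body). Return those exposing internals."""
    findings = []
    for path, status, body in responses:
        info = inspect_body(body)
        if info["exception"] or info["frames"]:
            findings.append((path, status, info["exception"], len(info["frames"])))
    return findings

# Constructed sample: what a remote client should NOT receive.
LEAKY = """<html><body><h1>Server Error in '/' Application</h1>
<pre>System.Web.HttpException: '/abcd:' is not a valid virtual path.
  at System.Web.HttpRequest.MapPath (System.String virtualPath) [0x00000] in &lt;filename unknown&gt;:0
  at Mono.WebServer.Paths.VirtualPathExists (IApplicationHost appHost, System.String verb, System.String uri) [0x00000] in &lt;filename unknown&gt;:0
</pre></body></html>"""

# Constructed sample: a generic error page with no internals.
GENERIC = ("<html><body><h1>Runtime Error</h1>"
           "<p>An application error occurred on the server.</p></body></html>")

SAMPLE = [("/abcd:", 500, LEAKY), ("/abcd*", 500, GENERIC)]

if __name__ == "__main__":
    for path, status, exc, frames in leaking_paths(SAMPLE):
        print(f"{path} -> {status}: {exc}, {frames} stack frame(s) exposed")
```

Feed it bodies fetched from a non-local client, since `RemoteOnly` is expected to show full details to local requests.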
