We have started receiving several errors like this every day, showing up in the event log:
Invalid JSON primitive: alihack.
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializePrimitiveObject()
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input,Int32 depthLimit,JavaScriptSerializer serializer)
   at System.Web.Script.Serialization.JavaScriptSerializer.Deserialize(JavaScriptSerializer serializer,String input,Type type,Int32 depthLimit)
   at System.Web.Mvc.JsonValueProviderFactory.GetDeserializedObject(ControllerContext controllerContext)
   at System.Web.Mvc.JsonValueProviderFactory.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ValueProviderFactoryCollection.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ControllerBase.get_ValueProvider()
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext,ParameterDescriptor parameterDescriptor)
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext,ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__19(AsyncCallback asyncCallback,Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult1.CallBeginDelegate(AsyncCallback callback,Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase 1.Begin(AsyncCallback callback,Object state,Int32 timeout)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext,String actionName,AsyncCallback callback,Object state)
   at System.Web.Mvc.Controller.b__1c(AsyncCallback asyncCallback,Object asyncState,ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.b__14(AsyncCallback asyncCallback,Object callbackState,Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback,Object state)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext,Object state)
   at System.Web.Mvc.MvcHandler.b__4(AsyncCallback asyncCallback,ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext,Object state)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext,Object state)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context,AsyncCallback cb,Object extraData)
   at Orchard.Mvc.Routes.ShellRoute.HttpAsyncHandler.BeginProcessRequest(HttpContext context,Object extraData)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
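The requests go to http://example.com/ali.txt. There should be something else in the payload of the request, because simply opening this URL correctly produces a 404.
Is this anything to worry about? Can I, and should I, prevent such errors from happening and instead return a bad request, for example? Why does this deserialization happen in the first place?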
Solution
This question is a duplicate of (JSON::ParserError) "{N}: unexpected token at 'alihack<%eval request("alihack.com")%>, but for a different server (IIS).
If your site does not use PUT requests, you can reject all such requests with <requestFiltering />.
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <verbs applyToWebDAV="false">
          <add verb="PUT" allowed="false" />
        </verbs>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
Otherwise, a more elegant solution can be implemented with the URL Rewrite module (which can be installed with the Web Platform Installer):
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Abort requests to ali.txt - alihack" patternSyntax="Wildcard" stopProcessing="true">
          <match url="ali.txt" />
          <conditions />
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
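The PUT verb filter above is only safe if the site really serves no PUT requests. The following is an added example, not part of the original answer: it reads IIS W3C extended logs and separates PUT requests the application served from ones that failed. The sample log is constructed, the function names are hypothetical, and treating a 2xx/3xx status as "the site uses this PUT" is an assumption.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the page).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2015-01-10 03:12:44 GET / 198.51.100.7 200
2015-01-10 03:12:45 PUT /ali.txt 203.0.113.9 500
2015-01-10 03:12:46 PUT /ALI.TXT 203.0.113.9 500
2015-01-10 04:01:02 PUT /api/items/17 192.0.2.33 200
2015-01-10 04:05:10 POST /api/items 192.0.2.33 201
2015-01-10 04:07:19 PUT /api/items/18 192.0.2.33 204
truncated-line
"""

def put_requests(lines):
    """Yield (uri, status) for each PUT request, honouring #Fields headers."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # IIS writes a new header when the logging settings change.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get("cs-method", "").upper() == "PUT":
            yield row.get("cs-uri-stem", "-").lower(), row.get("sc-status", "-")

def summarize(lines):
    """Split PUT traffic into requests the site served and ones that failed."""
    served, failed = Counter(), Counter()
    for uri, status in put_requests(lines):
        # Assumption: a 2xx or 3xx status means the application handles this PUT.
        (served if status[:1] in ("2", "3") else failed)[uri] += 1
    return served, failed

def safe_to_deny_put(lines):
    """True when no PUT request in the logs was served successfully."""
    served, _ = summarize(lines)
    return not served

if __name__ == "__main__":
    served, failed = summarize(SAMPLE_LOG.splitlines())
    print("PUT served:", dict(served))
    print("PUT failed:", dict(failed))
    print("safe to deny PUT:", safe_to_deny_put(SAMPLE_LOG.splitlines()))
```

If any PUT was served, keep the verb enabled and use the URL Rewrite rule instead.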