我已添加了将错误记录到我们的数据库以获取所有HTTPExceptions的功能。一旦推出,我们在大约15分钟的时间内记录了大约10,000个。我必须假设这些错误一直在发生,但由于它们不是严重错误,因此用户没有注意到任何错误。
以下是我的Global.asax
中的代码protected void Application_Error(object sender, EventArgs e)
{
Exception exception = Server.GetLastError();
if (exception is HttpException)
{
var httpException = exception as HttpException;
if (httpException.GetHttpCode() == 404)
{
// Page not found error
Response.StatusCode = 404;
using (MyEntities db = new MyEntities())
{
ErrorLog error = new ErrorLog();
error.Date = DateTime.Now;
error.Type = httpException.GetHttpCode().ToString();
error.Message = httpException.Message;
error.Source = httpException.Source;
error.StackTrace = httpException.StackTrace;
error.TargetSite = Request.Url.ToString();
error.Browser = Request.Browser.Browser + "(" + Request.Browser.Type + ")" + "v" + Request.Browser.Version;
error.IP = Request.ServerVariables["REMOTE_ADDR"];
//db.ErrorLogs.Add(error);
//db.SaveChanges();
}
}
else if (httpException.GetHttpCode() == 500)
{
// Server Error
Response.StatusCode = 500;
using (MyEntities db = new MyEntities ())
{
ErrorLog error = new ErrorLog();
error.Date = DateTime.Now;
error.Type = httpException.GetHttpCode().ToString();
error.Message = httpException.Message;
error.Source = httpException.Source;
error.StackTrace = httpException.StackTrace;
error.TargetSite = Request.Url.ToString();
error.Browser = Request.Browser.Browser + "(" + Request.Browser.Type + ")" + "v" + Request.Browser.Version;
error.IP = Request.ServerVariables["REMOTE_ADDR"];
//db.ErrorLogs.Add(error);
//db.SaveChanges();
}
}
else
{
// All Other Errors
Response.StatusCode = 500;
using (MyEntities db = new MyEntities ())
{
ErrorLog error = new ErrorLog();
error.Date = DateTime.Now;
error.Type = "999";
error.Message = httpException.Message;
error.Source = httpException.Source;
error.StackTrace = httpException.StackTrace;
error.TargetSite = Request.Url.ToString();
error.Browser = Request.Browser.Browser + "(" + Request.Browser.Type + ")" + "v" + Request.Browser.Version;
error.IP = Request.ServerVariables["REMOTE_ADDR"];
//db.ErrorLogs.Add(error);
//db.SaveChanges();
}
}
}
在我们记录的10,000个错误中,只有50个是唯一的。
以下是其中一些的例子
type Message
999 A potentially dangerous Request.Path value was detected from the client (:).
999 A potentially dangerous Request.Path value was detected from the client (>).
404 The controller for path '/images/favicon.ico' was not found or does not implement IController.
404 The controller for path '/Scripts/jquery-1.4.2.min.js' was not found or does not implement IController.
404 The controller for path '/Scripts/jquery-ui-1.8.5.custom.min.js' was not found or does not implement IController.
现在这些看起来非常愚蠢。从用户角度来看,这不会将它们抛到我们的自定义404错误页面。所以我猜他们遇到了这个错误,后来被重定向,所以他们从来没有看到或注意到他们遇到错误,除非代码有问题。
如果他们是合法错误,任何人都能指出我正确的方向来解决这些问题吗?
最后三个404错误对我来说甚至没有意义,因为它们不是控制器,不应该被视为控制器。
答案 0 :(得分:1)
这些确实看起来非常无害,或者至少它们可能是无害的。这里有两个不同的问题:
前两个错误来自有一个":"或">"作为他们要求的一部分。可能是像#34; http://yoursite.com/stuff:here"的网址。这是asp.net帮助防止XSS攻击的事情。除非您拥有允许此操作的有效URL,否则您可能希望不管它。但是,如果要检查错误,可以通过添加HttpRequestValidationException检查来捕获此异常。如果您的网站操作需要这些字符,您还可以进行一些web.config更改:
Getting "A potentially dangerous Request.Path value was detected from the client (&)"
至于最后3个,"路径xxx的控制器......"。这些是仅在IIS 7及更早版本(以及VS WebServer)上发生的路由问题
可能适合你的一个是:
routes.IgnoreRoute("{*staticfile}", new { staticfile = @".*\.(css|js|gif|jpg|ico)(/.*)?" });