We started getting several errors like this in the event log every day:
Invalid JSON primitive: alihack.
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializePrimitiveObject()
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input, Int32 depthLimit, JavaScriptSerializer serializer)
   at System.Web.Script.Serialization.JavaScriptSerializer.Deserialize(JavaScriptSerializer serializer, String input, Type type, Int32 depthLimit)
   at System.Web.Mvc.JsonValueProviderFactory.GetDeserializedObject(ControllerContext controllerContext)
   at System.Web.Mvc.JsonValueProviderFactory.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ValueProviderFactoryCollection.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ControllerBase.get_ValueProvider()
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor)
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__19(AsyncCallback asyncCallback, Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallBeginDelegate(AsyncCallback callback, Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.Begin(AsyncCallback callback, Object state, Int32 timeout)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, String actionName, AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.b__1c(AsyncCallback asyncCallback, Object asyncState, ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.b__14(AsyncCallback asyncCallback, Object callbackState, Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext, Object state)
   at System.Web.Mvc.MvcHandler.b__4(AsyncCallback asyncCallback, ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallBeginDelegate(AsyncCallback callback, Int32 timeout)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, Object state)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, Object state)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
   at Orchard.Mvc.Routes.ShellRoute.HttpAsyncHandler.BeginProcessRequest(HttpContext context, Object extraData)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
The request goes to http://example.com/ali.txt. There must be something else in the request payload, because simply opening that URL just produces a 404.
Is this anything to worry about? Can I, and should I, prevent this error from happening and return a Bad Request instead, for example? And why does this deserialization happen in the first place?
Solution
This question is a duplicate of (JSON::ParserError) "{N}: unexpected token at 'alihack<%eval request("alihack.com")%>', but for a different server (IIS).
If your site does not use PUT requests, you can reject all of them with <requestFiltering />:
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Reject every PUT before it reaches the application -->
        <verbs applyToWebDAV="false">
          <add verb="PUT" allowed="false" />
        </verbs>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
Otherwise, a more elegant solution is possible with the URL Rewrite module (which can be installed with the Web Platform Installer):
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Drop the connection for any request whose path matches ali.txt -->
        <rule name="Abort requests to ali.txt - alihack" patternSyntax="Wildcard" stopProcessing="true">
          <match url="ali.txt" />
          <conditions />
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
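Neither rule above addresses the two remaining questions in the post: why the deserialization happens at all, and how to answer with a 400 instead of logging a 500. In ASP.NET MVC the stock JsonValueProviderFactory reads and deserializes the body of every request whose Content-Type starts with application/json, before any action code runs, so a probe that sends a non-JSON body (here a one-line classic-ASP eval shell being PUT to ali.txt) with that content type triggers the ArgumentException "Invalid JSON primitive" from JavaScriptSerializer regardless of which path it targets. The following is an added example, not code from the question, the answer, or Orchard: it wraps the stock factory so that a malformed body becomes an HttpException with status 400. It assumes a plain ASP.NET MVC 5 application registering providers from Application_Start; the class and method names StrictJsonValueProviderFactory and RegisterValueProviders are made up for the illustration, and an Orchard site would need to hook this into its own startup instead.

```csharp
// Added example, not from the original question or answer.
// Assumes ASP.NET MVC 5; StrictJsonValueProviderFactory and
// RegisterValueProviders are hypothetical names chosen here.
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

public sealed class StrictJsonValueProviderFactory : ValueProviderFactory
{
    // The stock factory deserializes the body of every request with
    // Content-Type application/json before the action runs, and lets the
    // ArgumentException from JavaScriptSerializer escape as an unhandled 500.
    private readonly JsonValueProviderFactory _inner = new JsonValueProviderFactory();

    public override IValueProvider GetValueProvider(ControllerContext controllerContext)
    {
        try
        {
            return _inner.GetValueProvider(controllerContext);
        }
        catch (ArgumentException ex)
        {
            // "Invalid JSON primitive: alihack." lands here. Answer 400 and keep
            // the original exception as InnerException for diagnostics.
            throw new HttpException(400, "Request body is not valid JSON.", ex);
        }
    }
}

public static class ValueProviderConfig
{
    // Call once from Application_Start in Global.asax.cs.
    public static void RegisterValueProviders()
    {
        var factories = ValueProviderFactories.Factories;
        var stock = factories.OfType<JsonValueProviderFactory>().FirstOrDefault();
        if (stock != null)
        {
            // Replace in place so the value-provider precedence order is unchanged.
            factories[factories.IndexOf(stock)] = new StrictJsonValueProviderFactory();
        }
        else
        {
            factories.Add(new StrictJsonValueProviderFactory());
        }
    }
}
```

ASP.NET writes the code carried by an unhandled HttpException to the response, so the probe gets a 400 and the event log stops filling with 500s, while the request filtering or rewrite rule from the answer still keeps the PUT from ever reaching the application. Replacing the factory at the same index matters because MVC consults value providers in collection order; appending the wrapper at the end would change which source wins for a parameter present in both the JSON body and, say, the query string.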