h5bp / server-configs-iis

IIS Web.Config Boilerplates
MIT License

Document why requestValidationMode is 2.0 instead of 4.0 for MVC5 #28

Closed skfd closed 8 years ago

skfd commented 8 years ago

web.config is a tricky thing to rely on simple copy-pasting. I'm trying to read this line by line and look up the options. I mostly understand the what-it-does part, but the why-it-is-needed part is not clear.

The default requestValidationMode value is 4.0. Are you setting it to 2.0 for backward compatibility?

Anyway, it would be great to have line-by-line docs or an HTML representation of this with side notes.

    <!-- enableVersionHeader: Security through obscurity. Removes X-AspNet-Version HTTP header from the response -->
    <!-- relaxedUrlToFileSystemMapping: Optional. Set this if you're upgrading from older versions of ASP. See: http://www.asp.net/whitepapers/aspnet4/breaking-changes#0.1__Toc256770147 -->
    <!-- requestPathInvalidCharacters: Allow zombie DOS names to be captured by ASP.NET (/con, /com1, /lpt1, /aux, /prt, /nul, etc) -->
    <!-- targetFramework: ??? -->
    <httpRuntime enableVersionHeader="false"
                 relaxedUrlToFileSystemMapping="true"
                 requestPathInvalidCharacters=""
                 requestValidationMode="2.0"
                 targetFramework="4.5"/>

ChrisMcKee commented 8 years ago

Yeah, good point.