
ServiceStack CookieException

Under ServiceStack (3.9.33) we are getting the following exception:

errorCode":"CookieException"
"message":"The 'Name'='$Version' part of the cookie is invalid."
"stackTrace":"   at System.Net.Cookie..ctor(String name, String value)\r\n   at
System.Net.Cookie..ctor(String name, String value, String path, String domain)\r\n   at
ServiceStack.WebHost.Endpoints.Extensions.HttpRequestWrapper.get_Cookies()\r\n   at
ServiceStack.ServiceHost.HttpRequestAuthentication.GetCookieValue(IHttpRequest httpReq, 
String cookieName)\r\n   at 
ServiceStack.ServiceInterface.AuthenticateAttribute.AuthenticateIfDigestAuth(IHttpRequest 
req, IHttpResponse res)\r\n   at 
ServiceStack.ServiceInterface.AuthenticateAttribute.Execute(IHttpRequest req, 
IHttpResponse res, Object requestDto)\r\n   at 
ServiceStack.ServiceInterface.RequestFilterAttribute.RequestFilter(IHttpRequest req, 
IHttpResponse res, Object requestDto)\r\n   at 
ServiceStack.WebHost.Endpoints.EndpointHost.ApplyRequestFilters(IHttpRequest httpReq, 
IHttpResponse httpRes, Object requestDto)\r\n   at 
ServiceStack.WebHost.Endpoints.RestHandler.ProcessRequest(IHttpRequest httpReq, 
IHttpResponse httpRes, String operationName)

When our vendor (code we do not control) submits the following request:

Content-Length: 283401
Authorization: Basic --------------------------
Cookie: $Version=0; ss-id=----; $Path=/, $Version=0; ss-pid=---; $Path=/
Host: -----
User-Agent: Jakarta Commons-HttpClient/3.1

Any possible work-arounds or settings we could use to avoid the exception?

Thanks.

I just got a bunch of the same errors in my log today (ServiceStack 3.9.67).

I wouldn't worry about trying to avoid the exceptions or return the normal resource. I'm no PHP developer but I believe they are maliciously formed requests - the attacker is expecting a PHP server. They are either attempting to probe for the PHP version and environment working directory, or trying to set the environment variable to the root directory (I'm not sure on the direction of the 'cookie <-> variable' crap-magic that PHP does).

EDIT: I ended up writing a fix for it: https://github.com/ServiceStack/ServiceStack/pull/857
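`$Version` and `$Path` are RFC 2109 cookie attributes, and `System.Net.Cookie` rejects any name that starts with `$`, which is where the stack trace above ends. One way to parse such a header without failing the request, as an added example that is not the code from the linked pull request or from ServiceStack; `TolerantCookieParser` is a hypothetical name, the cookie values are constructed, and quoted values that contain `;` or `,` are assumed not to occur:

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class TolerantCookieParser
{
    // Parses a raw Cookie request header, skipping RFC 2109 "$" attributes
    // ($Version, $Path, $Domain) and any pair that System.Net.Cookie rejects.
    public static Dictionary<string, Cookie> Parse(string header)
    {
        var cookies = new Dictionary<string, Cookie>(StringComparer.Ordinal);
        if (string.IsNullOrEmpty(header)) return cookies;

        // RFC 2109 allows both ';' and ',' between pairs.
        foreach (var part in header.Split(';', ','))
        {
            var pair = part.Trim();
            var eq = pair.IndexOf('=');
            if (eq <= 0) continue;                  // empty name or no '='
            var name = pair.Substring(0, eq).Trim();
            var value = pair.Substring(eq + 1).Trim();

            // An attribute of the preceding cookie, not a cookie of its own.
            if (name.StartsWith("$", StringComparison.Ordinal)) continue;

            try
            {
                cookies[name] = new Cookie(name, value);
            }
            catch (CookieException)
            {
                // Malformed pair from the client: drop it, keep the rest.
            }
        }
        return cookies;
    }

    static void Main()
    {
        // Constructed sample shaped like the header in the question.
        const string header =
            "$Version=0; ss-id=abc123; $Path=/, $Version=0; ss-pid=def456; $Path=/";
        foreach (var c in Parse(header).Values)
            Console.WriteLine("{0}={1}", c.Name, c.Value);
    }
}
```

Dropping an unparseable pair means a request whose session cookie is malformed is treated as unauthenticated rather than surfacing a `CookieException` to the caller.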
