
"Invalid JSON primitive: alihack" error from an ASP.NET MVC site

Published: 2020-12-15 19:49:09 | Category: asp.Net | Source: compiled from the web
We started getting several errors like this per day, showing up in the event log:

Invalid JSON primitive: alihack.
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializePrimitiveObject()
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
   at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input,Int32 depthLimit,JavaScriptSerializer serializer)
   at System.Web.Script.Serialization.JavaScriptSerializer.Deserialize(JavaScriptSerializer serializer,String input,Type type,Int32 depthLimit)
   at System.Web.Mvc.JsonValueProviderFactory.GetDeserializedObject(ControllerContext controllerContext)
   at System.Web.Mvc.JsonValueProviderFactory.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ValueProviderFactoryCollection.GetValueProvider(ControllerContext controllerContext)
   at System.Web.Mvc.ControllerBase.get_ValueProvider()
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext,ParameterDescriptor parameterDescriptor)
   at System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext,ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__19(AsyncCallback asyncCallback,Object asyncState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult1.CallBeginDelegate(AsyncCallback callback,Object callbackState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.Begin(AsyncCallback callback,Object state,Int32 timeout)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext,String actionName,AsyncCallback callback,Object state)
   at System.Web.Mvc.Controller.b__1c(AsyncCallback asyncCallback,Object asyncState,ExecuteCoreState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecuteCore(AsyncCallback callback, Object state)
   at System.Web.Mvc.Controller.b__14(AsyncCallback asyncCallback,Object callbackState,Controller controller)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.Controller.BeginExecute(RequestContext requestContext, AsyncCallback callback,Object state)
   at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.BeginExecute(RequestContext requestContext,Object state)
   at System.Web.Mvc.MvcHandler.b__4(AsyncCallback asyncCallback,ProcessRequestState innerState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallBeginDelegate(AsyncCallback callback,Int32 timeout)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext,Object state)
   at System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext,Object state)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context,AsyncCallback cb,Object extraData)
   at Orchard.Mvc.Routes.ShellRoute.HttpAsyncHandler.BeginProcessRequest(HttpContext context,Object extraData)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

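The requests go to http://example.com/ali.txt. There should be something else in the request's payload, because simply opening this URL normally produces a 404.

Is this anything to worry about? Can I, and should I, prevent such errors from happening and return a bad request instead, for example? Why does this deserialization happen in the first place?

Solution

This question is a duplicate of (JSON::ParserError) "{N}: unexpected token at 'alihack<%eval request("alihack.com")%>, but for a different server (IIS).

If your site does not use PUT requests, you can reject all of them with <requestFiltering />.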

<configuration>
   <system.webServer>
      <security>
        <requestFiltering>
          <verbs applyToWebDAV="false">
            <add verb="PUT" allowed="false" />
          </verbs>
        </requestFiltering>
      </security>
   </system.webServer>
</configuration>

Otherwise, the URL Rewrite module (which can be installed with the Web Platform Installer) allows a more elegant solution:

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Abort requests to ali.txt - alihack" patternSyntax="Wildcard" stopProcessing="true">
          <match url="ali.txt" />
          <conditions />
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
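
Which of the two configurations fits depends on whether anything legitimate sends PUT to the site. The following is an added example (not part of the original answer) that audits an IIS W3C log for this. The log lines, IP addresses and the `/api/items` path are constructed, and the `#Fields` list is an assumption about how logging is configured.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not from the original page).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2020-12-01 03:12:44 GET /blog/post-1 198.51.100.7 200
2020-12-01 03:12:51 PUT /ali.txt 203.0.113.9 500
2020-12-01 03:13:02 PUT /ali.txt 203.0.113.9 500
2020-12-01 04:40:10 PUT /api/items/42 192.0.2.15 204
2020-12-01 05:01:33 POST /api/items 192.0.2.15 201
2020-12-02 11:20:05 PUT /ALI.TXT 203.0.113.77 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def audit_put(text, probe_stem="/ali.txt"):
    """Split PUT traffic into hits on the probed path and everything else."""
    probes, other = Counter(), Counter()
    for row in parse_w3c(text):
        if row.get("cs-method", "").upper() != "PUT":
            continue
        stem = row.get("cs-uri-stem", "")
        if stem.lower() == probe_stem:  # IIS paths are case-insensitive
            probes[row.get("c-ip", "")] += 1
        else:
            other[(stem, row.get("sc-status", ""))] += 1
    # Denying the verb is only safe if no non-probe PUT was served successfully.
    in_use = any(status.startswith("2") for _, status in other)
    return {"probes_by_ip": dict(probes), "other_put": dict(other),
            "put_in_use": in_use}

if __name__ == "__main__":
    report = audit_put(SAMPLE_LOG)
    print(report)
    print("PUT is in use: prefer the rewrite rule" if report["put_in_use"]
          else "no legitimate PUT seen: denying the verb is an option")
```
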

(Editor: 李大同)
