SRE issue

Jun 17, 2010 at 8:42 PM

We are trying to use SRE in our ASP.NET Web application. We used the SRE configuration file from the sample app provided by AntiXss 3.1 install.
Added httpmodule the same way as in Sample app and copied module dll to the bin folder. We also used summary.aspx from the sample to simulate XSS attack.
The attack is not block in our application but it is blocked in sample application. We are running both sample and our application from within Visual Studio 2008.
Could you please point us in the right direction since we spent already almost a week and still could not find the solution for this problem.

 

 

 

Coordinator
Jun 17, 2010 at 8:46 PM

It sounds like the module is not being loaded.

So I need some more details

1) What version of the .NET framework is on the web server?

2) Is the application pool running in classic or integrated?

3) Your web.config (obviously removing any connection strings, passwords etc).

 

Thanks,

Barry

 

Jun 17, 2010 at 9:36 PM

Please see our responses below:

1) .NET 2.0 is on the web server
2) Classic
3) This file is too big so may be you can provide us with your email address or url where we can upload web.config.

One important detail is that we tried to use our web.config in the sample application and the sample application continued to work properly.

We also tried to remove the module dll while application was running and got an error, so we assume that the module is loaded.

Coordinator
Jun 17, 2010 at 9:39 PM

Weird, it should be working. You can fire to me by taking my codeplex username and adding @microsoft.com. I'll take a peek when I can.

Jul 19, 2010 at 8:19 PM

I am encountering the same issue.  do we have the resolution for this issue?

 

Coordinator
Jul 19, 2010 at 8:27 PM

This was a bug in the old code, which has now been corrected. The latest source tree is up to date and you can download the corrected version from here. I've been awaiting confirmation from affected users before I replace the links.

Jul 19, 2010 at 10:53 PM

Thanks for the promptly reply.  I've deleted the old version, and get the latest version from the link you provided.  It's working like a champ. 

 

Coordinator
Jul 19, 2010 at 10:55 PM

Excellent! Thank you for confirming it,