We are facing the below issues and so the requests are blocked by Web Application Firewall(Imperva Secure Sphere Firewall).
1. Extremely Long Parameter HTTP/1.x Protocol Policy - Grid_clientState parameter value Part Size : 5132 Limit : 4096 Truncated
2: ../../ Found In : post-parameters Offset : 1022 Dictionary Name
Kindly let us know the solution to proceed further.
Thanks in Advance
Kindly let us know the solution for the above issue asap.
Thanks in advance
Thank you for your question.
To be honest this is the first time I hear about such a problem. I assume this might be related to the ViewState of the grid or page, which means that it should be cleared out at some point. I did a quick check with the official ASP.NET View State article, and they are only mentioning clearing a view state when persisting it manually:
"The second challenge arises because, each time a user visits a different page, a new file holding that page's view state will be created. Over time this will lead to thousands of files. Some sort of automated task would be needed to periodically clean out the view state files older than a certain date. I leave this as an exercise for the reader."
For the second issue, the PFA screenshot
../../ Found In : post-parameters Offset : 1022 Dictionary Name
Kindly help us to resolve the issue
Hi Giridhar,could you please provide more details on the scenario ? This could help us understand and support you in troubleshooting.
Based on the scarce ifnormatiom, I assume that a Post request is being made, which includes the Grid View State object, which is often quite big. It seems that Imperva Secure Sphere listens to this requests and block them if 1) the data transferred exceeds a given size or 2) Finds "../.." or similar in the data.
A quick test you can do is to set EnableAjaxViewState and EnableDataViewState properties of the grid to false and see of the request would pass this time. Also, move the ig_res folder two leves deeper in the hierarchy, and then use the StyleSetPath property to let the WebDataGrid knows the new location of the ig_res. Ihope this will make the ViewState object get rid of the "../.." symbols.In the end, the requests are being blocked by a third party software, so I recommend reaching out to this vendor first, asking for recommendations how to allow certain requests like the above mentioned.
We have managed to get rid of ../ symbols by updating the infragistics.web config section in the Web.config file by providing the absolute path instead of relative path in styleSetPath Except for WebDataTree control
<infragistics.web styleSetName="Default" styleSetPath="http://<domainname>/eFACiLiTY_Dev_Latest/ig_res" />
For View State Issue, When setting EnableAjaxViewState and EnableDataViewState properties as false on the Grid, the existing functionalities of Grid such as Editor Providers assigned to columns are not appearing in the Grid. We are binding DataSet to the grid server side.
Please find the attached screenshot for WebDataTree containing ../ in "res" parameter.