This is de default of BlogEngine 2.7: <?xml version="1.0"?>
And I have used these settings for quite a while. But my application pool keeps crashing after about a week.
I have enabled elmah logging
<errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/elmahErrors" />
This enabled me to have a better look at what was causing the crashes. Because the elmah page is of course unavailable when BE crashes. The log had several error’s the two most common ones where:
A potentially dangerous Request.Path value was detected from the client
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I have now added:
to my pages section in the web.config and have added:
to the httpRuntime section and my error logging feature stays empty and the BlogEngine application returns a nice 404 when trying some querystring injection and/or XSS attacks.
So this will fix all the thrown exceptions and keeps my application pool from automatically shutting down. I have found this on StackOverflow http://stackoverflow.com/a/6026291/169714 but turning off the validateRequest seems like a bad idea.
Good luck with BlogEngine!
1. July 2011 15:24by JP Hellemons
For this small article, I assume that you have an Asp.Net web application running on IIS and that you have setup your SSL certificate. So navigating to https://www.yoursite.com works. This blog post will explain how to redirect all http traffic to https in several easy steps.
1. Get the Web Platform Installer (it’s free!) from Microsoft http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32b0dfe5-f139-4e1c-b412-3da39f50bbf9
2. After you have opened the WebPI (Web Platform Installer) search for: Rewrite
3. Install the component! More...