I have been doing some looking lately at the feasibility of filtering HTTP traffic that is junk – kind of like spam filters try to get traffic that is email spam off the wire. This stems from some spirited mailing list debates about the value of mod_security and application firewalls in general. The problems are different, but there may be some interesting commonalities.
One interesting example of this is ASP.NET PageValidation routine that helps to detect and stop certain cross site scripting (XSS) patterns. This filtering isn’t perfect by any means, but it does help to get provide at least a base level of filtering of traffic that is almost surely malicious and applications have to “opt in” before they can receive traffic matching their filter patterns.
- Here is a decompilation of the ASP.NET page validation routine with some explanation of what it does and does not do
dan _at_ denimgroup.com