Reduce noise in merchant error log

Applies to: AbleCommerce version 7.0.7

Date:  05/23/2011

7/07/11 - Service Release 1 is available.  You can skip this patch and apply AbleCommerce 7.0.7 SR1a instead.

Description of Issue:

The online error log has messages that should be filtered to make it easier to find the valid warnings.

Symptom:

The merchant error log fills up with warnings about potentially dangerous requests. The problem is that tools like HackerSafe generate thousands of these requests on purpose to test for vulnerabilities. When it occurs, your error log is full of noise and you might miss valid warnings.

The global.asax file should be updated to filter these requests and not log them to the AbleCommerce online error log. The errors are already logged by IIS in the windows event log.

Fix:

To correct the issue:

Update the global.asax file as shown below:

            if (exception is HttpException)
            {
                // IGNORE 404 RESOURCE NOT FOUND ERRORS
                if(((HttpException)exception).GetHttpCode() == 404)
                    return;
                     
                // IGNORE POTENTIALLTY DANGEROUS REQUESTS (ALSO LOGGED IN EVENT LOG)
                if(((HttpException)exception).Message.StartsWith("A potentially dangerous"))
                    return;
            }