A Resource Returns 0 Bytes

  • Updated

Issue

  • A particular resource (page, image, etc.) works normally when the .NET agent isn't running, but stops working when the agent is running.

  • When using browser developer tools - or something similar to view network traffic - and the .NET agent is running, the resource returns 0 bytes.

Cause

The .NET agent uses a filter in a System.Web.IHttpModule to gather HTTP response data. There is a known Microsoft bug in the .NET framework: HttpModules with filters can cause resources such as WebResource.axd to return 0 bytes (which can result in 500 status responses for embedded resources such as images).

Resolution

Use one of the following strategies to resolve this issue:

  • Configure the .NET agent using the web_module_allowlist setting to prevent Contrast from applying the HttpModules filter to the resource. This is done by adding the following to your contrast_security.yaml file:

    agent:
    dotnet:
    web_module_allowlist: HttpModules
  • Disable collection and analysis of HTTP response bodies by disabling full-content-analysis:

    assess:
    enable_scan_response: false

     

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request