|License Type||SaaS & On-Premise|
|Agent Mode||Assess & Protect|
|Main Product Category||.NET Agent|
|Sub Category||Runtime Exception|
A particular resource (page, image, etc.) works normally when the .NET agent isn't running, but stops working when the agent is running.
When using browser developer tools - or something similar to view network traffic - and the .NET agent is running, the resource returns 0 bytes.
The .NET aget uses a filter in a
System.Web.IHttpModule to gather HTTP response data. There is a known Microsoft bug in the .NET framework:
HttpModules with filters can cause resources such as WebResource.axd to return 0 bytes (which can result in 500 status responses for embedded resources such as images).
Use one of the following strategies to resolve this issue:
Configure the .NET agent using the
web_module_allowlistsetting to prevent Contrast from applying the
HttpModulesfilter to the resource. This is done by adding the following to your contrast_security.yaml file:
Disable collection and analysis of HTTP response bodies by disabling full-content-analysis in %ProgramData%\Contrast\dotnet\customerPolicy.xml with the following setting:
See the article on Custom Policy for more information.