Issue
-
A particular resource (page, image, etc.) works normally when the .NET agent isn't running, but stops working when the agent is running.
-
When using browser developer tools - or something similar to view network traffic - and the .NET agent is running, the resource returns 0 bytes.
Cause
The .NET agent uses a filter in a System.Web.IHttpModule
to gather HTTP response data. There is a known Microsoft bug in the .NET framework: HttpModules
with filters can cause resources such as WebResource.axd to return 0 bytes (which can result in 500 status responses for embedded resources such as images).
Resolution
Use one of the following strategies to resolve this issue:
-
Configure the .NET agent using the
web_module_allowlist
setting to prevent Contrast from applying theHttpModules
filter to the resource. This is done by adding the following to your contrast_security.yaml file:agent:
dotnet:
web_module_allowlist: HttpModules -
Disable collection and analysis of HTTP response bodies by disabling full-content-analysis:
assess:
enable_scan_response: false