A particular resource (page, image, etc.) works normally when the .NET agent isn't running, but stops working when the agent is running.
When using browser developer tools - or something similar to view network traffic - and the .NET agent is running, the resource returns 0 bytes.
The .NET agent uses a filter in a
System.Web.IHttpModule to gather HTTP response data. There is a known Microsoft bug in the .NET framework:
HttpModules with filters can cause resources such as WebResource.axd to return 0 bytes (which can result in 500 status responses for embedded resources such as images).
Use one of the following strategies to resolve this issue:
Configure the .NET agent using the
web_module_allowlistsetting to prevent Contrast from applying the
HttpModulesfilter to the resource. This is done by adding the following to your contrast_security.yaml file:
Disable collection and analysis of HTTP response bodies by disabling full-content-analysis: