Vulnerability in EPiServer.Forms
Hi, i am receiving intermittent 404 errors from EPiServers static filehandler from files served from vpp, there are no errorlogs or anything of the sort neither from log4net or windows logs, have anyone experienced the same? The vpp files is served from an unc path. And it happens randomly in about 1 out of 50 requests, doesn't matter which extension or mimetype.
The relevant sections in web.config looks like this:
<location path="Global"> <system.webServer> <handlers> <add name="webresources" path="WebResource.axd" verb="GET" type="System.Web.Handlers.AssemblyResourceLoader" /> <add name="wildcard" path="*" verb="*" type="EPiServer.Web.StaticFileHandler, EPiServer" /> </handlers> </system.webServer> <staticFile expirationTime="-1.0:0:0" /> </location>
And the relevant section in episerver.config looks like this:
<virtualPath customFileSummary="~/FileSummary.config"> <providers> <clear /> <add showInFileManager="true" virtualName="Page Files" virtualPath="~/Global/" bypassAccessCheck="false" name="SitePageFiles" type="EPiServer.Web.Hosting.VirtualPathVersioningProvider,EPiServer" indexingServiceCatalog="Web" physicalPath="\\someserver\someshare" /></providers> <filters /> </virtualPath>
Do you know if you have made adjustments to the settings described there?
We have not done the adjustments provided in that article, the site is not live yet so there is basically no load on the server and the errors do not happen on other environments(test or qa) where the server setup is the same.
There is also nothing in any of the logfiles the technet article mentions.
Are you getting the same result if you try to put the VPP-dirs on a local path?
local path for VPP dirs is not an option as it is a load balanced environment, keeping the folders in sync via external tools or DFS or someting else is not something we prefer.
I was suggesting to test if the errors keep coming if you have a local path set to rule out other configuration problems or possible bug in EPi/your project.
My guess is that the Share is somehow involved and this test would make that assumption stronger.
We're experiencing the same thing but in our case, the files are on a local path. We're trying to figure out a pattern. If you have any idea, please help !
There is a logging VirtualPathVersioningProvider that might be helpful here...