How to deal with malicious web requests

In our .NET app we get requests for files like _vti_bin/owssvr.dll (which can be hack attempts). I'd like to handle them by doing something like adding the following code to Application_BeginRequest:

开发者_高级运维    if (HttpContext.Current.Request.Url.ToString().Contains("_vti_bin/owssvr.dll"))
    {
        HttpContext.Current.Response.Clear();
        HttpContext.Current.Response.End();
    }

But I figure this is an unscalable, ineffective way of handling the problem. Any better ideas?

Isn't this the sort of thing URLScan is for?

URLScan is IIS extension from Microsoft that automatically rejects malicious requests before letting IIS handle them. It rejects vti_bin requests and many other attacks.

Two approaches that I've seen work in the past have been to place the following code as a default.aspx (making sure to set default.aspx as a Default Document type within IIS):

<%@ Page language="c#" %>

<Head>
  <script language="CS" runat="server">
    void Page_Load(object sender, System.EventArgs e) 
    {
    Response.Clear();
        Response.StatusCode = 404;
        Response.End();
    } 
  </script>
</Head>

Another solution that I've seen work, is to create a custom HttpHandler with similar behaviour. Then within the web.config define which paths to block.

Why not just tell the webserver that _vti_bin is not web accessible?

Nathan is right urlscan is the way to go -- also note this .NET will not see these requests unless you add *.dll to the extensions that .NET handles. Otherwise, IIs will handle these requests.

Just make sure your webserver doesn't have that security bug. If your server is immune to that exploit, it's pointless to block exploit attempts.