Main Points

This page is under heavy testing. Don't expect it to make much sense at this point, but if you have any suggestions, we'd love to hear from you. For more information check out our explanation of the code.

Show Raw HTTP Data

Here's a comparison of the raw data vs. the new, more sophisticated sanitization output. For kicks, add some form input and see what happens.

Form Field Demo
  • Key / Value Pair: [first]: first Form string
  • Key / Value Pair: [HTTP_USER_AGENT]: CCBot/1.0 (+http://www.commoncrawl.org/bot.html)
  • Key / Value Pair: [HTTP_USER_AGENT Sanitized]: CCBot__slash__1.0 http__colon____slash____slash__www.commoncrawl.org__slash__bot.html
  • Key / Value Pair: [URL]: /ECBeta/Testing/AspNet/CSharpProgramming/CSharp0604NonDraconianWhitelistsOutput.aspx
  • Key / Value Pair: [URL Sanitized]: __slash__ECBeta__slash__Testing__slash__AspNet__slash__CSharpProgramming__slash__CSharp0604NonDraconianWhitelistsOutput.aspx
  • Key / Value Pair: [HTTP_ACCEPT_LANGUAGE]: en-us,en;q=0.5
  • Key / Value Pair: [HTTP_ACCEPT_LANGUAGE Sanitized]: en-us,en__semicolon__q0.5
  • Key / Value Pair: [REMOTE_ADDR]: 38.107.179.221
  • Key / Value Pair: [REMOTE_ADDR Sanitized]: 38.107.179.221
  • Key / Value Pair: [REMOTE_HOST]: 38.107.179.221
  • Key / Value Pair: [REMOTE_HOST Sanitized]: 38.107.179.221
  • Key / Value Pair: [HTTP_ACCEPT]: text/html,application/xhtml+xml,text/xml;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  • Key / Value Pair: [HTTP_ACCEPT Sanitized]: text__slash__html,application__slash__xhtmlxml,text__slash__xml__semicolon__q0.9,text__slash__plain__semicolon__q0.8,image__slash__png,__slash____semicolon__q0.5
  • Key / Value Pair: [HTTP_ACCEPT_CHARSET]: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  • Key / Value Pair: [HTTP_ACCEPT_CHARSET Sanitized]: ISO-8859-1,utf-8__semicolon__q0.7,__semicolon__q0.7
  • Key / Value Pair: [HTTP_ACCEPT_ENCODING]: gzip
  • Key / Value Pair: [HTTP_ACCEPT_ENCODING Sanitized]: gzip
  • Key / Value Pair: [last]: last Form string

Original Sanitized HTTP Data

I should note that this has been modified from the truly original sanitization because we could not even view the HTTP data. The "truly" original sanitized server data looked like this.

  • Key / Value Pair: [REQUESTMETHOD]: {Empty String}
  • Key / Value Pair: [SCRIPTNAME]: {Empty String}
  • Key / Value Pair: [SERVERNAME]: {Empty String}
  • Key / Value Pair: [SERVERPORT]: {Empty String}

Because I did not have underscores in the original "draconian" sanitization whitelist, the names of the server variables were mangled and none of the fields matched the valid key names. Since there were no keys with any of these names, they all returned empty strings. This is just one of the problems with my current draconian whitelist, which underscores... haha, the need for a more sophisticated whitelist. Analytics will not work without the underscore character, _, and it's a pretty safe character: I know of no ways it can be used in an attack. Therefore, I've added it to my whitelist, and this is what you're seeing.

  • Key / Value Pair: [first]: first Form string
  • Key / Value Pair: [ALL_HTTP]: HTTP_CACHE_CONTROLno-cacheHTTP_CONNECTIONcloseHTTP_PRAGMAno-cacheHTTP_ACCEPTtexthtmlapplicationxhtmlxmltextxmlq09textplainq08imagepngq05HTTP_ACCEPT_CHARSETISO-8859-1utf-8q07q07HTTP_ACCEPT_ENCODINGgzipHTTP_ACCEPT_LANGUAGEen-usenq05HTTP_HOSTatlasearthchroniclecomHTTP_USER_AGENTCCBot10 httpwwwcommoncrawlorgbothtmlHTTP_X_CC_IDccc02-02HTTP_X_REWRITE_URLECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [ALL_RAW]: Cache-Control no-cacheConnection closePragma no-cacheAccept texthtmlapplicationxhtmlxmltextxmlq09textplainq08imagepngq05Accept-Charset ISO-8859-1utf-8q07q07Accept-Encoding gzipAccept-Language en-usenq05Host atlasearthchroniclecomUser-Agent CCBot10 httpwwwcommoncrawlorgbothtmlx-cc-id ccc02-02X-REWRITE-URL ECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [APPL_MD_PATH]: LMW3SVC3231ROOT
  • Key / Value Pair: [APPL_PHYSICAL_PATH]: CSitesSingle43lisakristinwebroot
  • Key / Value Pair: [AUTH_TYPE]: {Empty String}
  • Key / Value Pair: [AUTH_USER]: {Empty String}
  • Key / Value Pair: [AUTH_PASSWORD]: {Empty String}
  • Key / Value Pair: [LOGON_USER]: {Empty String}
  • Key / Value Pair: [REMOTE_USER]: {Empty String}
  • Key / Value Pair: [CERT_COOKIE]: {Empty String}
  • Key / Value Pair: [CERT_FLAGS]: {Empty String}
  • Key / Value Pair: [CERT_ISSUER]: {Empty String}
  • Key / Value Pair: [CERT_KEYSIZE]: {Empty String}
  • Key / Value Pair: [CERT_SECRETKEYSIZE]: {Empty String}
  • Key / Value Pair: [CERT_SERIALNUMBER]: {Empty String}
  • Key / Value Pair: [CERT_SERVER_ISSUER]: {Empty String}
  • Key / Value Pair: [CERT_SERVER_SUBJECT]: {Empty String}
  • Key / Value Pair: [CERT_SUBJECT]: {Empty String}
  • Key / Value Pair: [CONTENT_LENGTH]: 0
  • Key / Value Pair: [CONTENT_TYPE]: {Empty String}
  • Key / Value Pair: [GATEWAY_INTERFACE]: CGI11
  • Key / Value Pair: [HTTPS]: off
  • Key / Value Pair: [HTTPS_KEYSIZE]: {Empty String}
  • Key / Value Pair: [HTTPS_SECRETKEYSIZE]: {Empty String}
  • Key / Value Pair: [HTTPS_SERVER_ISSUER]: {Empty String}
  • Key / Value Pair: [HTTPS_SERVER_SUBJECT]: {Empty String}
  • Key / Value Pair: [INSTANCE_ID]: 3231
  • Key / Value Pair: [INSTANCE_META_PATH]: LMW3SVC3231
  • Key / Value Pair: [LOCAL_ADDR]: 65182100141
  • Key / Value Pair: [PATH_INFO]: ECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [PATH_TRANSLATED]: CSitesSingle43lisakristinwebrootECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [QUERY_STRING]: {Empty String}
  • Key / Value Pair: [REMOTE_ADDR]: 38107179221
  • Key / Value Pair: [REMOTE_HOST]: 38107179221
  • Key / Value Pair: [REMOTE_PORT]: 44473
  • Key / Value Pair: [REQUEST_METHOD]: GET
  • Key / Value Pair: [SCRIPT_NAME]: ECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [SERVER_NAME]: atlasearthchroniclecom
  • Key / Value Pair: [SERVER_PORT]: 80
  • Key / Value Pair: [SERVER_PORT_SECURE]: 0
  • Key / Value Pair: [SERVER_PROTOCOL]: HTTP11
  • Key / Value Pair: [SERVER_SOFTWARE]: Microsoft-IIS60
  • Key / Value Pair: [URL]: ECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [HTTP_CACHE_CONTROL]: no-cache
  • Key / Value Pair: [HTTP_CONNECTION]: close
  • Key / Value Pair: [HTTP_PRAGMA]: no-cache
  • Key / Value Pair: [HTTP_ACCEPT]: texthtmlapplicationxhtmlxmltextxmlq09textplainq08imagepngq05
  • Key / Value Pair: [HTTP_ACCEPT_CHARSET]: ISO-8859-1utf-8q07q07
  • Key / Value Pair: [HTTP_ACCEPT_ENCODING]: gzip
  • Key / Value Pair: [HTTP_ACCEPT_LANGUAGE]: en-usenq05
  • Key / Value Pair: [HTTP_HOST]: atlasearthchroniclecom
  • Key / Value Pair: [HTTP_USER_AGENT]: CCBot10 httpwwwcommoncrawlorgbothtml
  • Key / Value Pair: [HTTP_X_CC_ID]: ccc02-02
  • Key / Value Pair: [HTTP_X_REWRITE_URL]: ECBetaTestingAspNetCSharpProgrammingCSharp0604NonDraconianWhitelistsOutputaspx
  • Key / Value Pair: [last]: last Form string
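
The two behaviours compared on this page, as an added example that is not the site's own code: a strip-only whitelist that mangles server-variable names when the underscore is missing, and a variant that rewrites `/`, `:` and `;` to tokens instead of dropping them. The character sets, the token map and all names are assumptions inferred from the sample output above, and the dictionary is a constructed stand-in for `Request.ServerVariables`.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class WhitelistDemo
{
    // Assumed whitelist, inferred from the sample output (no underscore yet).
    const string Draconian = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -";

    // Punctuation that is rewritten to a harmless token instead of dropped.
    static readonly Dictionary<char, string> Tokens = new Dictionary<char, string>
    {
        { '/', "__slash__" }, { ':', "__colon__" }, { ';', "__semicolon__" }
    };

    // Keep whitelisted characters; rewrite known punctuation only when
    // tokenize is true; silently drop everything else.
    public static string Sanitize(string input, string whitelist, bool tokenize)
    {
        var sb = new StringBuilder();
        foreach (char c in input ?? "")
        {
            if (whitelist.IndexOf(c) >= 0) sb.Append(c);
            else if (tokenize && Tokens.TryGetValue(c, out string token)) sb.Append(token);
        }
        return sb.ToString();
    }

    // Missing keys are reported the way the demo page reports them.
    static string Lookup(IDictionary<string, string> vars, string key) =>
        vars.TryGetValue(key, out string value) ? value : "{Empty String}";

    static void Main()
    {
        // Constructed stand-in for Request.ServerVariables.
        var vars = new Dictionary<string, string>
        {
            { "REQUEST_METHOD", "GET" },
            { "HTTP_USER_AGENT", "CCBot/1.0 (+http://www.commoncrawl.org/bot.html)" }
        };
        foreach (string key in new List<string>(vars.Keys))
        {
            string mangled = Sanitize(key, Draconian, false);        // underscore stripped from the key
            string fixedKey = Sanitize(key, Draconian + "_", false); // underscore whitelisted
            string raw = Lookup(vars, fixedKey);
            Console.WriteLine("[" + mangled + "]: " + Lookup(vars, mangled));
            Console.WriteLine("[" + fixedKey + "]: " + Sanitize(raw, Draconian + "_", false));
            Console.WriteLine("[" + fixedKey + " Sanitized]: " + Sanitize(raw, Draconian + "_.,", true));
        }
    }
}
```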
