We have the recurring issue with either users reloading pages or attacks sending:
- POST to GET actions
- GET to POST actions.
Especially the hacking part floods our logs with errors while trying all kind of url parameters...
Obviously this results in a
HttpException: A public action method 'xyz' was not found on controller 'abc'
- Should we add the other action as well and return 404 Not Found or 400 Bad Request?
- This isn't entirely an asp.net issue. How do other frameworks handle this?
We could also just filter the error messages but this seems kind of a cover up...