IMPORTANT!! Project moved to GitHub

ProceXSS is a Asp.NET Http module for preventing xss attacks.
Sample usage exist in a source code. Basic usage description is also available

Nuget Package

Basic usage
Add following line below the node <configSections> in web.config file

<section name="antiXssModuleSettings" type="ProceXSS.Configuration.AntiXSSModuleConfigurationSectionHandler, ProceXSS"/>

and Add the following configurations below the node <configuration>,

<antiXssModuleSettings redirectUrl="/Default.aspx" log="False" mode="Ignore" isActive="True"
eval[^a-zA-Z_0-9]*(\%28|\()|(((\%3C) &lt;)[^\n]+((\%3E) &gt;))">
      <add name="url1" value="/"/>
      <add name="url2" value="/default.aspx"/>

There is a two option for mode property. These are Ignore and Redirect. When the redirect mode active system will redirect the request to value of RedirectUri.

And add the following configurations below <system.web> <httpModules>
<add name="AntiXSSModule" type="ProceXSS.AntiXSSModule, ProceXSS, Version=your assembly version, Culture=neutral" />

IMPORTANT: Log feature uses a NLog 3 Party. If log feature is active, to do this have to set NLog configuration. NLog documentation available on

Informations referenced from

Nuget package available on

Last edited Dec 11, 2012 at 8:30 PM by ziyasal, version 18