Alternative to ValidateRequest=”false”

The trigger characters for validate request filtering are less-than and html character escape sequences (&#XX;).

More details here: http://keepitlocked.net/archive/2007/10/30/asp-net-validaterequest-and-the-html-attribute-based-cross-site-scripting.aspx

It's intriguing that you can see the full error, but are not capable of accessing the ASP.NET code. Normally, one can only see the full error when in debug mode, because in production, the error-setting is (should be) RemoteOnly or Off. This seems a configuration mistake and a potential risk on the side of the ASP.NET site.

You say "to http post some xml files". If you were indeed posting files, you wouldn't receive this response. Maybe you can contact the site's owner and ask for him to change the form to allow file-input.

You can change your input such that it doesn't look like XML anymore, but then it isn't XML anymore either. I.e., change all < in < and you'll be able to get your data through, but it must be unescaped when processed.

If this site is supposed to accept XML, it must be changed to accept XML. Either it should accept files, or it should accept HTML/XML input by turning ValidateRequest to off. If it is not supposed to receive XML, there's little you can do. It's like filling in a bank's payment form by putting letters in the amount-field: it just won't work (unless it was designed to work that way).