find a location for property in a new city

Thursday, 28 February 2013

The request filtering module is configured to deny a request that contains a double escape sequence

In IIS 7.5 I have a site that contains a page that takes an encrypted part of a URL. This encrypted string includes a plus sign '+' which causes IIS to throw a "HTTP Error 404.11 - Not Found" error stating "The request filtering module is configured to deny a request that contains a double escape sequence."

The problem is that a + sign used to be acceptable in earlier versions of IIS so these URLs need to remain for legacy reasons. So, I need to make them allowed again in IIS.

The quick fix

This can be easily achieved with a simple web.config change:

<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="true" />
    </security>
</system.webServer>

This allows URLs to contain this plus symbol '+'.

The warning

There are consequences to this which unsurprisingly are security related so please read Double Encoding to familiarise yourself with the risk for your situation. If it is a risk to you maybe the best solution is to redesign those URLs?

Follow britishdev on Twitter

Posted by Colin Farr at Thursday, February 28, 2013 Labels: ,

22 comments:

  1. Thanks a lot, that helped.

    ReplyDelete

  2. Great tutorial,you have explained about HTTP Error 404,which i found very interesting to read.I must say you have work hard in making this post.
    buy switch board matting in different sizes from http://switchboardmattingco.co.uk/

    ReplyDelete

  3. All the best blogs that is very useful for keeping me share the ideas
    of the future as well this is really what I was looking for, and I am
    very happy to come here. Thank you very much
    earn to die
    earn to die 2
    earn to die 3
    Hi! I’ve been reading your blog for a while now and finally got the
    earn to die 4
    courage to go ahead and give youu a shout out from
    earn to die 6
    Austin Texas! Just wanted to tell
    earn to die 5
    you keep up the fantastic work!my weblog
    age of war
    Hi! I’ve been reading your blog for a while now and finally got the
    happy wheels
    strike force heroes
    slither io
    slitherio
    good game empire

    ReplyDelete

  8. The best space for your child to relax!: wingsio | slither io | abc

    ReplyDelete

  9. Let’s keep are safe place to play the very best free games for kids! Please click:
    slither.io | wings.io | happy wheels | abcya | happy wheels the game free | pokemon go to play for free games for kids!

    ReplyDelete


  12. Thanks for posting this useful content, Good to know about new things here, Let me share this, . Hadoop training in pune

    ReplyDelete

  17. Nice Blog.Thank you for Sharing. We are leading erp software software solution providers in chennai. For more details call +91 9677025199. erp software in chennai | erp providers in chennai | online events registration

    ReplyDelete

  18. Your topic is very great and useful for us…thank you

    lennyfacetext.com

    ReplyDelete

  19. I was working and suddenly I visits your site frequently and recommended it to me to read also. The writing style is superior and the content is relevant. Thanks for the insight you provide the readers!
    www.appbaixar.com

    ReplyDelete

  20. I was very impressed by this post, this site has always been pleasant news. Thank you very much for such an interesting post. Keep working, great job! In my free time, I like play game: vex3game.com. What about you?

    ReplyDelete

  22. This blog is so nice to me. I will continue to come here again and again. Visit my link as well. Good luck
    cara menggugurkan hamil
    cara menggugurkan kandungan

    ReplyDelete

Subscribe to: Post Comments (Atom)