find a location for property in a new city

Thursday, 28 February 2013

The request filtering module is configured to deny a request that contains a double escape sequence

In IIS 7.5 I have a site that contains a page that takes an encrypted part of a URL. This encrypted string includes a plus sign '+' which causes IIS to throw a "HTTP Error 404.11 - Not Found" error stating "The request filtering module is configured to deny a request that contains a double escape sequence."

The problem is that a + sign used to be acceptable in earlier versions of IIS so these URLs need to remain for legacy reasons. So, I need to make them allowed again in IIS.

The quick fix

This can be easily achieved with a simple web.config change:

<system.webServer>
    <security>
        <requestFiltering allowDoubleEscaping="true" />
    </security>
</system.webServer>

This allows URLs to contain this plus symbol '+'.

The warning

There are consequences to this which unsurprisingly are security related so please read Double Encoding to familiarise yourself with the risk for your situation. If it is a risk to you maybe the best solution is to redesign those URLs?

Follow britishdev on Twitter

Posted by Colin Farr at Thursday, February 28, 2013 Labels: ,

9 comments:

  1. Thanks a lot, that helped.

    ReplyDelete

  2. Great tutorial,you have explained about HTTP Error 404,which i found very interesting to read.I must say you have work hard in making this post.
    buy switch board matting in different sizes from http://switchboardmattingco.co.uk/

    ReplyDelete

  3. All the best blogs that is very useful for keeping me share the ideas
    of the future as well this is really what I was looking for, and I am
    very happy to come here. Thank you very much
    earn to die
    earn to die 2
    earn to die 3
    Hi! I’ve been reading your blog for a while now and finally got the
    earn to die 4
    courage to go ahead and give youu a shout out from
    earn to die 6
    Austin Texas! Just wanted to tell
    earn to die 5
    you keep up the fantastic work!my weblog
    age of war
    Hi! I’ve been reading your blog for a while now and finally got the
    happy wheels
    strike force heroes
    slither io
    slitherio
    good game empire

    ReplyDelete

  8. The best space for your child to relax!: wingsio | slither io | abc

    ReplyDelete

  9. Let’s keep are safe place to play the very best free games for kids! Please click:
    slither.io | wings.io | happy wheels | abcya | happy wheels the game free | pokemon go to play for free games for kids!

    ReplyDelete

Subscribe to: Post Comments (Atom)