In IIS 7.5 I have a site that contains a page that takes an encrypted part of a URL. This encrypted string includes a plus sign '+' which causes IIS to throw a "HTTP Error 404.11 - Not Found" error stating "The request filtering module is configured to deny a request that contains a double escape sequence."
The problem is that a + sign used to be acceptable in earlier versions of IIS so these URLs need to remain for legacy reasons. So, I need to make them allowed again in IIS.
The quick fix
This can be easily achieved with a simple web.config change:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
This allows URLs to contain this plus symbol '+'.
The warning
There are consequences to this which unsurprisingly are security related so please read Double Encoding to familiarise yourself with the risk for your situation. If it is a risk to you maybe the best solution is to redesign those URLs?
Posts
This evolution trumps normal route in produce price tag efficiencies excellent dissertation literature review!
ReplyDeleteI admit I have not been on this blog in a long time however it was joy to find it again. It is such an important topic and ignored by so many even professionals! I thank you for helping to make people more aware of these issues. Just great stuff as per usual!
ReplyDeleteTungsten wedding band
These kind of articles are always attractive and I am happy to find so many good point here in the post writing is simply great thanks for sharing.
ReplyDeletewe buy houses fast