The request filtering module is configured to deny a request that contains a double escape sequence

Stevan
Stevan
30 Points
15 Posts

In my asp.net MVC application, I'm trying to access following url:

/search/food+water

I'm getting error code  404.11 with error:

HTTP Error 404.11 - Not Found

The request filtering module is configured to deny a request that contains a double escape sequence.

 

Views: 7235
Total Answered: 2
Total Marked As Answer: 0
Posted On: 10-Feb-2019 01:28

Share:   fb twitter linkedin
Answers
beginer
beginer
84 Points
32 Posts
         

You can use following configuration in web.config

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true"> </requestFiltering>
  </security>
</system.webServer>
Posted On: 11-Feb-2019 08:23
Smith
Smith
Participant
386 Points
113 Posts
         

You can use setting in web.config:

<requestFiltering allowDoubleEscaping="true" />

but it will create some security problems because this makes your site more vulnerable to malicious URLs.
What I suggest, either you use another encryption algorithm that doesn't generate these "IIS" sensitive characters, or if you wanna use the above workaround, you need to implement proper URL/User-Input validations in order to make sure that you catch and prevent all suspicious entries.

Posted On: 07-Mar-2019 04:43
 Log In to Chat