Special Characters - IIS7

From Hostek.com Wiki
Jump to: navigation, search

Ampersand & the Request URL in IIS7

When using IIS7, and filenames which include the ampersand character do not work and the generate the response “400 Bad Request”. The ampersand (&) is considered a "restricted character" and the request is rejected. The optimal solution is to rename any file names with ampersands. Alternatively there are two common solutions:

  1. Change the Managed Pipeline Mode of the Application Pool from Integrated to Classic.
  2. Add the following to the .Net configuration, this could either be placed within a web.config file in the folder or the middle two lines could be placed within the server's web.config file in order to affect all sites.
<configuration>
   <system.web>
     <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
     <pages validateRequest="false" />
   </system.web>
</configuration>


Railo or ColdFusion - Boncode Connector Explained

The second optional resolution will work for sites using Railo and the Boncode connector.

The BonCode connector requires .NET 4 in Integrated mode. It has a wildcard mapping and evaluates all requests to see if they should be handled by Railo or ColdFusion. The BonCode connector utilizes .Net so the built-in .Net request filtering is blocking the request as 'potentially dangerous' as '&' characters are used in SQL (potentially used in sql-injection).

When you set the application to use a 'Classic Mode' application pool, the BonCode wildcard mapping no longer runs because of the 'PreConditions' set for that handler (since it requires 'Integrated Mode') and that fixes the issue.

Retrieved from "https://wiki.hostek.com/index.php?title=Special_Characters_-_IIS7&oldid=1220"