Special Characters - IIS7

From Hostek.com Wiki
Jump to: navigation, search

Ampersand & the Request URL in IIS7

When using IIS7, and filenames which include the ampersand character do not work and the generate the response “400 Bad Request”. The ampersand (&) is considered a "restricted character" and the request is rejected. The optimal solution is to rename any file names with ampersands. Alternatively there are two common solutions:

  1. Change the Managed Pipeline Mode of the Application Pool from Integrated to Classic.
  2. Add the following to the .Net configuration, this could either be placed within a web.config file in the folder or the middle two lines could be placed within the server's web.config file in order to affect all sites.
<configuration>
   <system.web>
     <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
     <pages validateRequest="false" />
   </system.web>
</configuration>


Railo or ColdFusion - Boncode Connector Explained

The second optional resolution will work for sites using Railo and the Boncode connector.

The BonCode connector requires .NET 4 in Integrated mode. It has a wildcard mapping and evaluates all requests to see if they should be handled by Railo or ColdFusion. The BonCode connector utilizes .Net so the built-in .Net request filtering is blocking the request as 'potentially dangerous' as '&' characters are used in SQL (potentially used in sql-injection).

When you set the application to use a 'Classic Mode' application pool, the BonCode wildcard mapping no longer runs because of the 'PreConditions' set for that handler (since it requires 'Integrated Mode') and that fixes the issue.