none
%25 within a URL results in '400 Bad Request'. RRS feed

  • Question

  • Hi,

    We have 2 servers running IIS 7 on 2008 server  r2 standart sp1. We have configured them the same. however it seems that due to automatic windows updates - they might be slightly different. Both servers running identical copy of our application (written in C# using Framework 3.0).

    Our application HttpHandler logs all requests (both successfull and failed).

    When a request with '%25' character in the url (the encoding of '%') is sent to these applications one server is proccessing the request with no problems.  while the other responses with '400 Bad Request' and there is no entry in the log ,

    It seems the request is blocked even before the HttpHandler is entered.

    The web.config used by our applications is identical and is included below.

    Any Help will be appreciated !

    Thanks,

    Rinat

    <?xml version="1.0" encoding="UTF-8" ?> <configuration> <configSections> <section name="Eternix.Common.Diagnostics.Log" type="System.Configuration.SingleTagSectionHandler" /> <section name="Eternix.Common.Diagnostics.Log.File" type="System.Configuration.SingleTagSectionHandler" /> <section name="impersonation" type="System.Configuration.NameValueSectionHandler" /> </configSections> <!--<impersonation> <add key="username" value="username" /> <add key="password" value="password" /> </impersonation>--> <appSettings> <add key="BasePath" value="C:\inetpub\wwwroot\QBU.SmartServer" /> <add key="IniFile" value="C:\inetpub\wwwroot\QBU.SmartServer\QBU.SmartServer.ini" /> <add key="ProductHierarchy" value="BIS\QBU Smart Server" /> <add key="DisableDB" value="true" /> <add key="LoggerDir" value="LogDatabase" /> <add key="ProvideExtendedErrorMessage" value="true" /> </appSettings> <connectionStrings /> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="true" batch="true" batchTimeout="120"> <buildProviders> <add extension=".*" type="System.Web.Compilation.PageBuildProvider" /> </buildProviders> </compilation> <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> <authentication mode="None" /> <!-- The <customErrors> section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> <error statusCode="403" redirect="NoAccess.htm" /> <error statusCode="404" redirect="FileNotFound.htm" /> </customErrors> --> <authorization> <allow users="*" /> </authorization> <httpRuntime maxRequestLength="2097151" executionTimeout="36000" enableHeaderChecking="false" /> <!--<globalization fileEncoding="utf-8" />--> </system.web> <system.webServer> <security> <requestFiltering> <requestLimits maxAllowedContentLength="2147483640" /> <fileExtensions allowUnlisted="true" applyToWebDAV="true"> <remove fileExtension=".mdb" /> </fileExtensions> </requestFiltering> </security> <handlers> <clear /> <add name="QBU.SmartServerHandler" path="*" verb="*" type="BIS.QBU.SmartServer.HttpHandler" resourceType="Unspecified" preCondition="integratedMode" /> </handlers> <modules> <remove name="RequestFilteringModule" /> <remove name="WebDAVModule" /> <add name="AuthenticationModule" type="BIS.QBU.SmartServer.BasicAuthenticationModule, BIS.QBU.SmartServer, Culture=neutral" /> </modules> <directoryBrowse enabled="false" /> </system.webServer> <Eternix.Common.Diagnostics.Log Mode="File" /> <Eternix.Common.Diagnostics.Log.File Mode="Default" Name="QBU.SmartServer" /> </configuration>


    Monday, August 27, 2012 2:54 PM