404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Mar
24
Written by:
Tuesday, March 24, 2009 3:54 PM
I recently had reported problems when using IIS7 that Urls with a + in the url were failing with 404 errors. This was to do with the Url Master module, which often rewrites Urls to use a simple space encoding (+) rather than the messy (but still valid) %20 encoding. Normally this is where you have a DNN module that uses a querystring value, where the querystring value gets incorporated into the path of the Url via Friendly Url generation.
As is often the case with errors, I have never heard of them and then within a week I'll get several reports of the same error, even when a particular problem has been 'in the wild' for a long period of time. It's like the progression of systems across new technologies happens at a steady rate, so that very few people are a long way ahead and trying new things.
The problem occurs in Urls like this : www.mysite.com/my-page-name/key/value+with+spaces.aspx
This Url would be rewritten to this value : www.mysite.com/default.aspx?key=value+with+spaces
Note that with the Url Master module, while it can replace spaces in DotNetNuke page names to construct human friendly urls, it doesn't replace spaces in querystring values. This is because the module waiting for the rewritten query string might not be expecting a change in the value, and you can't just stick hyphens in where a space is, and then remove them again. If you did that, you'd eventually run into a case where a legitimate hyphen was removed from the query string.
Example of the Problem
To clarify the problem further, here's an example of how the problem shows up. It involves two of my modules, the iFinity Tagger and the Url Master modules.
The Tagger module shows a listing of all tagged items when the Tag is requested in the query string, like this :
mysite.com/Tag-List/two+word+tag/
The '+' in the url is put there by the Url Master module, to make the Url look nice and simple, rather than the correct but frantically ugly:
mysite.com/Tag-List/two%20word%20tag/
If you're running your DotNetNuke install (or any asp.net application, for that matter) on IIS7, then you'll get an IIS 404.
Why get 404 errors with +?
The reason that this doesn't work on IIS 7.0 is that Microsoft decided to tighten up on what's legal and what's not, and implement the Url standards more strictly, for security reasons.
Solution to the Problem
The long term solution is to include a choice of space-encoding in the relevant modules, but that will take some time to implement.
The short term solution is from this blog posting:
IIS 7.0 Breaking changes for ASP.NET 2.0 applications in Integrated Mode
Here's the relevant excerpt from the page, which shows the workaround/fix.
Request limits and URL processing
The following changes result due to additional restrictions on how IIS processes incoming requests and their URLs.
11) Request URLs containing unencoded “+” characters in the path (not querystring) is rejected by default
You will receive HTTP Error 404.11 – Not Found: The request filtering module is configured to deny a request that contains a double escape sequence.
This error occurs because IIS is by default configured to reject attempts to doubly-encode a URL, which commonly represent an attempt to execute a canonicalization attack.
Workaround:
1) Applications that require the use of the “+” character in the URL path can disable this validation by setting the allowDoubleEscaping attribute in the system.webServer/security/requestFiltering configuration section in the application’s web.config. However, this may make your application more vulnerable to malicious URLs:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true" />
</security>
</system.webServer>
14 comment(s) so far...
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Hey thanks for this fix - I just came across exactly the same problem whilst building a site using asp.net mvc.
Having the plus character instead of spaces is a definite bonus when it comes to SEO...
By Bri on
Friday, April 10, 2009 2:53 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
I have done the steps given above, but still i am not able to see the image on the browser.
My problem: i have created a virtual directory under the default site that contains images. Some of the image name contains a plus (+) sign in it.
This images come broken on the site. Machine configuration : win 2k8, IIS 7, SSRS 2008 (where the images are shown)
Please help me.
By Rency Fernandes on
Saturday, April 25, 2009 12:02 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
@rency you'll have to trace back to why the images are not showing. You can always rename the image files to remove the + sign - this is the easiest way to fix a problem like that. This error is related to requests where the path has a plus sign in it, not a filename.
By Bruce Chapman on
Saturday, April 25, 2009 8:48 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
hi Bruce,
Thanks for the reply, i really appreciate it...
Actually the filname appears in the path, hence the problem... i have aroud 8000 images in my application, and they keep on adding... Renaming the filname does not work for me. i have another machine with the same configuration and there it works... i am not sure how..
is there any other way to fix it without renaming the image?
By Rency Fernandes on
Saturday, April 25, 2009 4:12 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
hi Bruce,
Thanks for the reply, i really appreciate it...
Actually the filname appears in the path, hence the problem... i have aroud 8000 images in my application, and they keep on adding... Renaming the filname does not work for me. i have another machine with the same configuration and there it works... i am not sure how..
is there any other way to fix it without renaming the image?
By Rency Fernandes on
Saturday, April 25, 2009 4:31 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
@rency if you have it working on one machine, and not the other, it's likely that it's a simple configuration setting wrong somewhere. I would systematically work through all the relevant settings between the two sites and see where they differ, then modify the settings until you can determine what is causing the error. You should also work out if it is a 500 or 404 error causing the broken image. You can do this by copying the image url into a browser window : this shoudl give you more information.
By Bruce Chapman on
Sunday, April 26, 2009 12:10 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
hi
Refer the links www.netomatix.com/articles/KBArticle.aspx?a=927672
i was having the same problem it worked perfectly all rite whn i followed above link
there is no need to change name of image
By tanuj on
Tuesday, May 12, 2009 7:14 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thanks, this just solved a problem that had me tearing my hair out all morning!
By Joel on
Saturday, October 31, 2009 9:50 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thanks this helped me out.
By Kevin Miller on
Tuesday, January 05, 2010 2:09 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thank you for sharing this information - I was pulling my hair out for this 404 exception :-)
By Michael Mortensen on
Sunday, February 21, 2010 9:52 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thanks for sharing
By aungtastic on
Thursday, March 18, 2010 6:10 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
It's worked.
Thanks for sharing
By MasterXml on
Wednesday, December 08, 2010 7:10 PM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thank you Thank you Thank you Thank you
You saved me hours of re-doing work!!!
I owe you a pint! :)
By Dananos on
Saturday, July 30, 2011 12:41 AM
|
Re: 404 Error in IIS 7 when using a Url with a plus (+) sign in the path
Thanks! It saved us many hours of investigation!
By Elio on
Saturday, December 17, 2011 8:46 PM
|