The request filtering module is configured to deny a request that contains a double escape sequence

Stevan

312 Points

20 Posts

In my asp.net MVC application, I'm trying to access following url:

/search/food+water

I'm getting error code 404.11 with error:

HTTP Error 404.11 - Not Found

The request filtering module is configured to deny a request that contains a double escape sequence.

asp.net-mvc c#

Views: 17347
Total Answered: 2
Total Marked As Answer: 1
Posted On: 10-Feb-2019 01:28

Share:

Answers

beginer

1544 Points

52 Posts

You can use following configuration in web.config

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true"> </requestFiltering>
  </security>
</system.webServer>

Posted On: 11-Feb-2019 08:23

Smith

2890 Points

78 Posts

You can use setting in web.config:

<requestFiltering allowDoubleEscaping="true" />

but it will create some security problems because this makes your site more vulnerable to malicious URLs.
What I suggest, either you use another encryption algorithm that doesn't generate these "IIS" sensitive characters, or if you wanna use the above workaround, you need to implement proper URL/User-Input validations in order to make sure that you catch and prevent all suspicious entries.

Posted On: 07-Mar-2019 04:43

great!

- Priya 07-Sep-2023 22:45