Problem with a URL that ends with

Question

I have a big problem. There are devices in live that send the URL \"/updates \". It\'s a typo of the developer for those devices. In the server logs, it looks like \"/upd

Answer 1

If you have access to code why not just check for '+' at the end and remove it?

Answer 2

Ok, this is an old thread, but I like to add a workable solution that works for all ASP.NET versions. Have a look at this answer in a related thread. It basically comes down to registering to the event PreSendRequestHeaders in global.asax.cs.

Alternatively, when on ASP.NET 4.0 or higher, use <httpRuntime relaxedUrlToFileSystemMapping="true" /> in web.config.

Answer 3

you could run a URL-rewriting ISAPI, like IIRF.

Answer 4

According to some, this is in System.Web.dll:

internal static void CheckSuspiciousPhysicalPath(string physicalPath)
{
  if (((physicalPath != null) && (physicalPath.Length > 0))
    && (Path.GetFullPath(physicalPath) != physicalPath))
  {
    throw new HttpException(0x194, "");
  }
}

I guess you cannot change that, but can't one disable it in the IIS settings? Of course, that would also disable all other checks... :-(

Or write some ISAPI filter that runs before the above code? Writing your own module is said to be easy, according to Handle URI hacking gracefully in ASP.NET.

Or, create your own error page. In this page (like suggested in the URI hacking link above) search for specific text in exception.TargetSite.Name, such as CheckSuspiciousPhysicalPath and if found (or simply always) look at current.Request.RawUrl or something like that, clear the error and redirect to a repaired URL?