0

In the ASP.net web application that I am working on, there is a link like below

<a href="search.aspx?orig_q=source:%22INFCE/DEP./WG--8/48%22">INFCE/DEP./WG--8/48</a>

When I click on the link, it gives a File not found (404) error. I did a bit of research and believe that it is the presence of "./" (dot-slash) sequence in the link which is causing this error.

I tried encoding the link as below (though period is OK in a URL)

<a href="search.aspx?orig_q=source:%22INFCE%2FDEP%2E%2FWG--8%2F48%22">INFCE/DEP./WG--8/48</a>

But, it did not help. It still gives me the same error. Any ways to overcome this?

itsbalur
  • 992
  • 3
  • 17
  • 39

2 Answers2

0

It looks to me like you shouldn't have those %22 in there. %22 is ascii char for quote. I think that might be hosing you.

davehale23
  • 4,374
  • 2
  • 27
  • 40
  • Not really. I have similar other links that work. From the link provided in the question, If I remove the period, the links works just fine. – itsbalur Apr 24 '12 at 14:41
0

IIS 7.5 has rules to filter character sequences that appear in a querystring. The dot-slash was one of them, which is a potential security threat. It can be overcome by adding the below tag in the web.config under <security>

<requestFiltering>
    <denyQueryStringSequences>
      <remove sequence="./"/>
    </denyQueryStringSequences>
</requestFiltering>
itsbalur
  • 992
  • 3
  • 17
  • 39