Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET 4 URL limitations: why URL cannot contain any %3f characters

http://site.com/page%3fcharacter

This URL will return the following error:

Illegal characters in path.

I'm already put this in web.config:

<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
<pages validateRequest="false"> 
...

How can I fix this error?

like image 799
stacker Avatar asked May 14 '10 00:05

stacker


1 Answers

If you want to allow the request through, you need to add requestPathInvalidCharacters and set it to an empty string:

<system.web>
    <httpRuntime requestPathInvalidCharacters="" />
</system.web>

Edit You should leave your original question in place, because now my answer does not make sense.

But in answer to your second question, that it's because %3f corresponds to '?' which is not allowed in file names on Windows. You can set the relaxedUrlToFileSystemMapping property to true to change this behaviour:

<system.web>
    <httpRuntime requestPathInvalidCharacters=""
                 relaxedUrlToFileSystemMapping="true" />
</system.web>

You might want to look through all of the properties in the HttpRuntimeSection class to see if there's any others that might apply.

You can also implement a sub class of RequestValidator and set up your web.config to use your subclass (that will presumably allow all URLs through?). Personally, I wouldn't bother and just let the built-in classes handle it. It's unlikely that a normal user is every going to accidentally type in "%3f" in a path, and why bother going to so much trouble to improve the use-case for malicious users?

This, by the way, is actually a new feature in ASP.NET 4, which is why Stack Overflow doesn't spit out an error: it's running on .NET 3.5.

like image 72
Dean Harding Avatar answered Oct 26 '22 09:10

Dean Harding