front pagerelevant informationIIS reports error 404 "The request filtering module is configured to deny requests that contain double escape sequences."
Software Tutorials relevant information
IIS reports error 404 "The request filtering module is configured to deny requests that contain double escape sequences."
Table of Contents

Cause of error

  • Double escape sequences refer to situations where certain characters are escaped multiple times when escaping a string. In URL encoding, special characters are usually escaped to ensure that they can be correctly passed and parsed by the server. For example, a space is escaped as "%20", and the plus sign (+) is usually not escaped because it represents a space in a URL. However, if the server mistakenly escapes a character that has already been escaped again, a double escape sequence will be generated.

  • The server reported that the request filtering module was configured to reject requests that contained double escape sequences, which could mean that the server believed that the plus sign in the URL had been escaped twice, i.e., the plus sign was escaped as %2B and then escaped again as %252B, which is considered incorrect. The server may reject such a request because it could cause parsing errors or security issues.

Solution

Avoid escaping

  • The key to solving this problem is to ensure that the server interprets special characters in the URL correctly and avoid unnecessary escaping.

Configuration Files

Revise applicationHost.config File configuration, please back up the file before modifying it just in case.

Open the IIS configuration file

  • You can %SystemDrive%\Windows\System32\inetsrv\config Find the corresponding site configuration file in the folder, usually \applicationHost.config, and then open it with a text editor such as Notepad.

Find the URLScan settings

  • Search in configuration files <requestFiltering> In IIS 7, by default, the URLScan module may block URL requests that contain a plus sign.

Add setting to allow plus sign

  • exist <requestFiltering> section, you can add a <allowDoubleEscaping> element, set its value to true, to allow plus signs in URLs. Example:
<security> <requestFiltering allowDoubleEscaping="true"></requestFiltering> </security>

Save and close the file

  • Make sure to save your changes, and close the configuration file.

Restart IIS service

  • To ensure the changes take effect, restart the IIS service.

Website Download Software Tutorials relevant information Buy Pro Member Login Customized services Tutorial Documentation contact us Whole site translation
Software application: front-end template download; development and design; SEO optimization; offline web browsing. Note: This software is not a hacking program and cannot download background data!
Disclaimer: The services are used for personal learning, research or appreciation, as well as other non-commercial or non-profit purposes, but at the same time should comply with the provisions of copyright law and other relevant laws, and must not infringe the legitimate rights of this website and related rights holders. The risks arising from the use of this site's tools have nothing to do with this software.
Copyright © 2019-2024 Rabbit Software All Rights Reserved Guangdong ICP No. 19111427-2
Tutorial Information User Manual Website topics