当URL中存在%0A时,IIS 7错误请求响应
[英]IIS 7 Bad Request response when %0A exists in the URL
问题描述
I have an application that was supposed to accept unsafe characters from Salesforce. 
我有一个应用程序,它应该接受来自Salesforce的不安全字符。 They are %0A and %0D (so far...) and they're not working. 它们是%0A和%0D(到目前为止......)并且它们不起作用。
I've set allowDoubleEscaping to true , requestValidationMode to 2.0 , requestPathInvalidCharacters to BLANK , relaxedUrlToFileSystemMapping to true and maxRequestLength to 1024 . 我将allowDoubleEscaping设置为true , requestValidationMode为2.0 , requestPathInvalidCharacters为BLANK , relaxedUrlToFileSystemMapping为true , maxRequestLength为1024 。
It didn't work. 它没用。 Then I tried setting a custom error for 400 to redirect to the same page without passing it the data Salesforce was sending. 然后我尝试将400的自定义错误设置为重定向到同一页面,而不传递Salesforce发送的数据。 Also didn't work. 也没工作。
Then I tried doing the same through the IIS 7 Error Pages section and it still didn't work. 然后我尝试通过IIS 7错误页面部分执行相同操作,但它仍然无法正常工作。
How can I: 我怎样才能:
- Get the app to accept the characters? 获取应用程序接受字符?
- Or get the app/IIS to redirect to the same page for manual entry? 或者让app / IIS重定向到同一页面进行手动输入?
All of this is in an ASP.NET MVC 3 application, but I doubt that matters because its probably IIS stopping it before it even calls the ASP.NET runtime. 所有这些都在ASP.NET MVC 3应用程序中,但我怀疑这很重要,因为它可能会在它调用ASP.NET运行时之前阻止它。
I'd appreciate some help. 我很感激一些帮助。 Thanks in advance! 提前致谢!
3 个解决方案
解决方案1
1 2011-09-01 20:57:18
Where you probably want to look is in the IIS Manager, click on your server node (or website node), an find the Request Filtering icon. 您可能希望查看的位于IIS管理器中,单击您的服务器节点(或网站节点),找到“ Request Filtering图标。 Go to the URL tab and here you can either allow specific URL's always, or change the way URL filtering is handled in general. 转到URL选项卡,您可以在此处始终允许特定URL,或者更改一般处理URL过滤的方式。 I'm sure these setting are also avaialble under the section of the web.config file, but I dont know off hand what all the settings elements and attributes would be (I'm sure you could do a search and find them easily). 我确信这些设置在web.config文件的部分下也是可用的,但是我不知道所有设置元素和属性是什么(我确信你可以进行搜索并轻松找到它们)。
You may have to fight past ASP.NET after you fix this as well. 修复此问题后,您可能必须通过ASP.NET。
解决方案2
0 2016-12-22 14:14:06
Maybe it's a little too late but for me it worked by changing the configured exceptions using the AllowRestrictedChars registry setting ( as documented in https://support.microsoft.com/en-us/kb/820129 ). 也许这有点太晚了,但对我而言,它通过使用AllowRestrictedChars注册表设置更改配置的异常(如https://support.microsoft.com/en-us/kb/820129中所述 )。 The default value is 0, I changed it to 1. If nonzero, Http.sys accepts hex-escaped chars in request URLs that decode to U+0000 – U+001F and U+007F – U+009F ranges. 默认值为0,我将其更改为1.如果非零,Http.sys接受请求URL中的十六进制转义字符,解码为U + 0000 - U + 001F和U + 007F - U + 009F范围。
解决方案3
0 2011-09-02 03:43:40
Check your URLScan config. 检查您的URLScan配置。 http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/ http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/
Do you happen to have this listed in your [DenyUrlSequences] section? 你碰巧在你的[DenyUrlSequences]部分中列出了这个吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.