I am working on a classic ASP website project and attempting to add a web form which will collect data from users and post that data to an API. My web app lives at wwwroot\\subdir\\myapp and I am targeting .NET framework 4.6.1 in the web.config. When I navigate to the site in the browser (mydomain.com\\subdir\\myapp or mydomain.com\\subdir\\myapp\\Default.aspx) it gives me a 404 error. If I reload once more, I receive a second 404 error. But, on the third load, the site loads all assets (JavaScript/HTML/CSS) without any errors in the browser console.
I checked the web server (IIS 8.5) logs, the first two loads are returning a 404.19 error. According to [1], this error indicates that IIS is denying the request for the page due to a filtering rule. But, if that is the case, why would it load on the third request?
Check security properties of website directory. There should be read access for user of Application pool. (Default is IUSR).
I figured out the issue. The URL is being parsed character by character and compared for an exact match to a list of keywords associated with SQL injection. The word that is causing my error is "update". I was able to figure out the solution by setting up a Failed Request Tracing rule in IIS Manager for .aspx requests.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.