views:

37

answers:

1

This is related to a previous (unanswered) issue I've had with trying to catch request errors in the Global.asax, but it now appears to be more widespread.

The URL redirect feature in IIS7 will not handle URLs which both end in .aspx and contain a colon anywhere in the url. Rather than follow its own redirect rules, IIS7 treats .aspx pages differently to others, and throws

[NotSupportedException: The given path's format is not supported.]

Has anyone else encountered this issue?

+2  A: 

Possibly IIS is treating the colon as if it should precede a port number (http://mysite.com:12345) or some other invocation to an IIS- or OS-level command. So, it may be suspicious of some kind of code injection.

You might try this thread: http://stackoverflow.com/questions/3342443/why-is-using-a-url-containing-a-colon-considered-as-a-potentially-dangerous-requ .

Hanselman also had an interesting bit up about url rewriting black magic - check the middle of the article for more on the colon character. http://www.hanselman.com/blog/ExperimentsInWackinessAllowingPercentsAnglebracketsAndOtherNaughtyThingsInTheASPNETIISRequestURL.aspx

Superstringcheese
The Hanselman.com link mentioned setting <pages validateRequest="false" />. I tried this before when using the Global.asax method, and it had no effect. Trying it again with the URL Rewriting paid off as it is now working! Thanks.
roryok
Another interesting development here, this only works if the URL Rewriting mode is set to 'rewrite' rather than 'redirect'. Setting to 'redirect' throws the same NotSupportedException
roryok