View Complete Thread
  • Re: AbortRequest Url Rewrite Rule not working

    Apr 26, 2019 06:01 AM|Jalpa Panchal|LINK

    Hi mxmissile,

    If you try to abort request for this url

    mxmissile

    www.something.com/app/entity/needs-signature&umid=5c8a0e6d-8475-ff05-9dbb-436a235682c4&auth=blahblah
    firstly yo get below error:

    Your request blocking rule is also not working for that. You could follow below rule for block request:

    <rule name="RequestBlockingRule4" patternSyntax="Wildcard" stopProcessing="true">
    <match url="*" />
    <conditions>
    <add input="{URL}" pattern="*umid=*" />
    </conditions>
    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
    </rule>



    And also need to add below code under <system.web>section in web.config file:

    <system.web>
        <httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" />
        <pages validateRequest="false" />
    </system.web>

    If you want to block request for query string value you could use below rule:

    <rule name="RequestBlockingRule3" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
    <match url="*" />
    <conditions>
    <add input="{QUERY_STRING}" pattern="*umid=*" />
    </conditions>
    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
    </rule>



    For more detail about request blocking rule, you could follow the below article:

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.