We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

View Complete Thread
  • Re: A potentially dangerous Request.Path value was detected from the client (:)

    May 07, 2021 09:43 AM|mrbot|LINK

    Hi Sam,

    The URL is partially encoded one. Below is another sample URL.

    1) http://192.168.0.134/reports/launch.w3p;roiid=dma%3A%2F%2F%2F45e6b900-8929-11d4-b772-0050da06bfb4%2F7bd350da-c9ee-4565-8000-2cbc18041961

    As per the ASCI encoding this url part

    2) dma:///45e6b900-8929-11d4-b772-0050da06bfb4/7bd350da-c9ee-4565-8000-2cbc18041961

    was converted as below.

    3) http://192.168.0.134/reports/launch.w3p;roiid=dma%3A%2F%2F%2F45e6b900-8929-11d4-b772-0050da06bfb4%2F7bd350da-c9ee-4565-8000-2cbc18041961

    when 3rd URL is passed through IIS reverse proxy  %2F%2F%2F is getting replaced as %2F. That's resulting request URL as invalid

    is there a way where i can retain the encoding part of URL after http://192.168.0.134/reports/launch.w3p;

    when passed through IIS reverse proxy ? Something like 

    if the URL contains "roiid=dma" then 

    http://192.168.0.134/reports/launch.w3p;{UrlEncode:{roiid=dma%3A%2F%2F%2F45e6b900-8929-11d4-b772-0050da06bfb4%2F7bd350da-c9ee-4565-8000-2cbc18041961}}

    and preserve %2F%2F%2F

    and Final URL as below ?

    http://192.168.0.134/reports/launch.w3p;roiid=dma%3A%2F%2F%2F45e6b900-8929-11d4-b772-0050da06bfb4%2F7bd350da-c9ee-4565-8000-2cbc18041961