MediaWiki Colon Error on IIS 7.5RSS

2 replies

Last post Feb 26, 2014 05:27 PM by Dave Onex

  • MediaWiki Colon Error on IIS 7.5

    Jul 23, 2010 04:28 AM|bbar|LINK

    I've built a website on two machines. Most of the site is located on a Windows Server 2008 R2 box, but I'm also runing the MediaWiki software on a Linux box with Apache and MySQL. Here's how it's setup:

    If the entered URL is*, I use Application Request Routing (ARR) and URL Rewrite to route those requests to the Linux box.

    If the entered URL is*, it's just business at usual on IIS7.5.

    Everything had been working great until I got the following error: "A potentially dangerous Request.Path value was detected from the client (:)." Anytime the URL has a colon in it (like this link from wikipedia:, I get that error.

    This blog's topic ( might be a possible solution. It claims you can specify the requestPathInvalidChars attribute and then just remove the colon (at least that's what I think it's saying).

    I'm wondering how people using MediaWiki with FastCGI are getting around this because it seems like they would have the same problem - namely, the request validator in IIS.

    Any ideas?



  • Re: MediaWiki Colon Error on IIS 7.5

    Jul 29, 2010 02:48 AM|bbar|LINK

    Here's a quick fix if anyone runs into this issue. This will set requestValidationMode to 2.0 and remove the colon from the list of "illegal" characters.

    Open the web.config file in your site, and add the following to the <system.web> section: 

    <!-- The following line strips colons from the invalid characters list. -->
    <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\" />

    Are people runing the MediaWiki software using FastCGI in IIS7 running into this issue as well?


  • Re: MediaWiki Colon Error on IIS 7.5

    Feb 26, 2014 05:27 PM|Dave Onex|LINK

    I'm seeing the same issue just with a different URL;

    My best guess is that it's caused by the ampersand and the hash (#) symbol. Any chance you could adjust your excellent reply above;

    <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,\" />

    so that it's tailored for my specific issue? I know it's a lot to ask but I think I've tracked this thing down at least to the level where I can intelligently ask the question :)