IIS 7 and Above
Application Request Routing (ARR)
different double escape behavior on http vs https
Last post Apr 18, 2014 07:26 AM by Pengzhen Song - MSFT
Apr 17, 2014 04:40 PM|roadling|LINK
I have an IIS7.5 ARR 3 instnace that sits behind a coporate proxy server. This server serves as a front end for a Glassfish hosted java application.
when a make a certain request to the Glassfish app from
https://my.domain.com/.... vs http://localhost/... is double escapted differently.
How can I configure IIS/ARR to treat the https request the same as http and get rid of the extra escape?
Apr 18, 2014 07:26 AM|Pengzhen Song - MSFT|LINK
You can try disable this validation by setting the allowDoubleEscaping
attribute in the system.webServer/security/requestFiltering configuration section in the application’s web.config.
And remove "%" character in this section:
For more information, you can refer here
#Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL
#Use any characters you want in your URLs with ASP.NET 4 and IIS 7!
Hope it can help you.