More in this section

Forums / Bugs & Issues / IIS 7.0 Double Escaping Libraries Module

IIS 7.0 Double Escaping Libraries Module

2 posts, 0 answered
  1. Sean
    Sean avatar
    271 posts
    31 May 2006
    13 Mar 2008
    Link to this post
    Hi Guys,

    One rather small annoyance developing on IIS 7

    Was getting this error due to spaces in a thumbnail or full images name eg have an image whos name is "Front Deck" SF renders the link as "Front+Deck.sflb".

    In IIS it doesn't show but instead outputs this error:

    Server Error in Application "Default Web Site/"

    HTTP Error 404.11 - Not Found

    Description: The request filtering module is configured to deny a request that contains a double escape sequence.

    Error Code: 0x00000000

    Notification: BeginRequest

    Module: RequestFilteringModule

    Requested URL: http://localhost:80/

    Physical Path: C:\Projects\\website\Libraries\Portfolio\Front+from+Side.sflb

    Logon User: Not yet determined

    Logon Method: Not yet determined

    Handler: Library Handler Factory

    Most likely causes:

    • The request contained a double escape sequence and request filtering is configured on the Web server to deny double escape sequences.

    What you can try:

    • Verify the configuration/system.webServer/security/requestFiltering@allowDoubleEscaping setting in the applicationhost.config or web.confg file.

    More Information... This is a security feature. Do not change this feature unless the scope of the change is fully understood. You should take a network trace before changing this value to confirm that the request is not malicious. If double escape sequences are allowed by the server, modify the configuration/system.webServer/security/requestFiltering@allowDoubleEscaping setting. This could be caused by a malformed URL sent to the server by a malicious user.

    Server Version Information: Internet Information Services 7.0.

    After some digging around and finding the applicationHost.config file I was able to allow overriding of the double escape then in my web.config overrid it so it now works but is there a simpler way around this?  Luckily my host isn't on IIS7 yet but it will be at some point.

    3.2 so far seems pretty good but we are only just getting into it here at ZimWeb.  So happy about Prometheus being in it now leaves us to do some very cool stuff!


  2. Rebecca
    Rebecca avatar
    536 posts
    24 Sep 2012
    13 Mar 2008
    Link to this post
    Hi Sean Molam,

    Thank you for reporting this issue. We managed to reproduce it and started thinking about a fix as it looks quite serious. However, we can't say for certain whether the fix will be available for the upcoming service pack.

    Your Telerik account has been updated.

    Best wishes,
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
2 posts, 0 answered