double escape sequence inside a url : The request filtering module is configured to deny a request that contains a double escape sequence
What I am wondering is that what kind of security holes I am opening with this implementation.
On my ASP.NET MVC application, I am trying to implement a URL like below :
/product/tags/for+families
When I try to run my application with default configurations, I am getting this message with 404.11 Response Code :
When I try to run my application with default configurations, I am getting this message with 404.11 Response Code :
HTTP Error 404.11 - Not Found
The request filtering module is configured to deny a request that contains a double escape sequence.
I can get around with this error by implementing the below code inside my web.config :
I can get around with this error by implementing the below code inside my web.config :
So, now I am not getting any 404.11.