You have a Web site that is hosted on Internet Information Services (IIS) 7.0. When you visit the Web site, you may receive an error message that resembles the following:
HTTP Error 404.11 – URL_DOUBLE_ESCAPED
Description of HRESULT
# The operation completed successfully.
The HTTP request to the Web server contains a double escape sequence. However, the Request Filtering feature is configured so that the Web server denies double escape sequences.
To resolve this problem, follow these steps.Note
After you follow these steps, the security level of the server that is running IIS may be reduced. Therefore, before you set the allowDoubleEscaping
property to True
, consider the risk that is involved.
- Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
- On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.
- In the ApplicationHost.config file, locate the requestFiltering XML element.
- Change the value of the allowDoubleEscaping property to True. To do this, use code that resembles the following example code.
- On the File menu, click Save.
- Exit Notepad.
When you enable double escaped sequences, the security level of the server that is running IIS may be decreased.
The previous steps will directly edit the applicationHost.config file and configure this setting at the server level. You can also use the Appcmd
command to configure this setting. To do this, follow these steps:
- Click Start, click Run, and then type cmd in the Open box.
- Type the following command, and then press ENTER:
- Run one of the following commands:
Note This will configure this setting only for the "Default Web Site" by creating or editing the Web.config file in the root folder of the "Default Web Site."
Appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True
Note This will configure this setting only for the "Default Web Site" in the applicationHost.config file by using a location tag.
appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost
Article ID: 942076 - Last Review: November 25, 2008 - Revision: 2.0
- Microsoft Internet Information Services 7.0
|kbexpertiseadvanced kbtshoot kbprb KB942076|