IIS and UrlScan – denying request

Today I was developing a little Silverlight client app and everything was working fine in Visual Studio web server.  But then I deployed my app in IIS and everytime I request a page, I got back a 404 error. It took me a while to check for all the usual culprits (permissions, authentication etc.), but I could not find out what was wrong. So I decided to check out the IIS logs (under <WINDOWS_ROOT>/system32/LogFiles/W3SVC1 for me) and here is what I found:

<time> localhost GET /Rejected-By-UrlScan 404

oO

Ok, so that was a new one for me, so I went and checked the UrlScan logs (under <WINDOWS_ROOT>/system32/inetsrv/urlscan/logs for me) and here is what I found:

<date> <time> localhost GET /Fotoz.Web/ Rejected URL+contains+dot+in+path URL – –

So, here was the culprit denying me access: my folder path contained a dot. I had the bright idea of calling my web app Fotoz.Web which made it fail.

I then checked the UrlScan.ini file (under <WINDOWS_ROOT>/system32/inetsrv/urlscan for me) and found the setting:

AllowDotInPath=0

which I changed to:

AllowDotInPath=1

This should not impact too much on the security since I still had the following in the [DenyUrlSequence] section:

..  ; Don’t allow directory traversals

which I think is the only thing that could matter if my server was ill-configured.

Advertisements
This entry was posted in Development, Uncategorized, Web, Windows and tagged , , , , , , , , , , , , , , , , . Bookmark the permalink.

One Response to IIS and UrlScan – denying request

  1. You can get almost everything in online shopping from laptops
    to grocery items. Then quickly with Homer push the
    button to activate the second ventilator.
    There have been reports of people flipping off of the trampoline and breaking their
    necks, so my advice is to not try it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s