Geek Answers Handbook

Azure websites cause 500 errors when there is a colon in the URL

External clients get to my Azure site with URLs that contain a colon (:). The request is not valid, but on my old IIS server it will throw a 404 error. On Azure, the same URL will give a 500 error. It takes me a while since I have to check the logs. This is an example request:

http://www.example.com/http:/www.example.com

Is there a way to avoid this server side behavior and give a 4xx error? Keep in mind that this issue only affects Azure and I do not control requests.

+7
azure azure-web-sites
source share
2 answers

If you are using a .NET application, it is caused by the ASP.NET HTTP runtime, more specifically its request filtering function.

If the URL path contains any of the forbidden characters ( <,>,*,%,&,:,\\,? ), the runtime generates an exception and, due to the exception, IIS returns an 500 error code.

System.Web.HttpException: A potentially dangerous Request.Path value was detected by the client (:).

You can configure illegal characters in your web.config .

 <system.web> <httpRuntime targetFramework="4.5" requestPathInvalidCharacters="*,%" /> </system.web>

But I would be careful, because there may be some security implications for such a change.

+1
source share

Using the KUDU console in Azure, add the applicationhost.xdt file to D: \ home \ site.

 <?xml version="1.0"?> <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document- Transform"> <system.applicationHost> <sites> <site name="%XDT_SITENAME%" xdt:Locator="Match(name)"> <virtualDirectoryDefaults xdt:Transform="Insert" allowSubDirConfig="false" /> </site> </sites>

This does the job, but has an unpleasant side effect, since any web.config file in any application subdirectory is ignored. For our part, this affected the download of any static files, which means that the site is not working properly.

This will work just fine for any site that has a single web.config at the root level.

0
source share

More articles:


All Articles