DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 942076 - Last Review: November 25, 2008 - Revision: 2.0

SYMPTOMS

You have a Web site that is hosted on Internet Information Services (IIS) 7.0. When you visit the Web site, you may receive an error message that resembles the following:
Server Error
--------------------------------------------------------------------------------
HTTP Error 404.11 – URL_DOUBLE_ESCAPED
HRESULT: 0
Description of HRESULT # The operation completed successfully.

CAUSE

The HTTP request to the Web server contains a double escape sequence. However, the Request Filtering feature is configured so that the Web server denies double escape sequences.

RESOLUTION

To resolve this problem, follow these steps.

Note After you follow these steps, the security level of the server that is running IIS may be reduced. Therefore, before you set the allowDoubleEscaping property to True, consider the risk that is involved.
  1. Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
  2. On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.
  3. In the ApplicationHost.config file, locate the requestFiltering XML element.
  4. Change the value of the allowDoubleEscaping property to True. To do this, use code that resembles the following example code.
    <requestFiltering allowDoubleEscaping="true">
    
  5. On the File menu, click Save.
  6. Exit Notepad.
Important When you enable double escaped sequences, the security level of the server that is running IIS may be decreased.

The previous steps will directly edit the applicationHost.config file and configure this setting at the server level. You can also use the Appcmd command to configure this setting. To do this, follow these steps:
  1. Click Start, click Run, and then type cmd in the Open box.
  2. Type the following command, and then press ENTER:
    C: CD %windir%\system32\inetsrv
  3. Run one of the following commands:
    • Appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True
      Note This will configure this setting only for the "Default Web Site" by creating or editing the Web.config file in the root folder of the "Default Web Site."
    • appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost
      Note This will configure this setting only for the "Default Web Site" in the applicationHost.config file by using a location tag.

APPLIES TO
  • Microsoft Internet Information Services 7.0
Keywords: 
kbexpertiseadvanced kbtshoot kbprb KB942076
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support