Thursday, 18 February 2010

IIS7 doesn't like +'s in your URL's

So today I've been trying to sort out my apt mirror for Ubuntu having just moved it to a Windows server. The netinstall would start fine then keep saying there was a problem with certain packages and I couldn't work out why.

After a bit of detective work I realised that it's IIS having issues with the + signs in the package names. A bit more detective work and I found this workaround:

Request limits and URL processing

The following changes result due to additional restrictions on how IIS processes incoming requests and their URLs.

11) Request URLs containing unencoded “+” characters in the path (not querystring) is rejected by default

You will receive HTTP Error 404.11 – Not Found: The request filtering module is configured to deny a request that contains a double escape sequence.

This error occurs because IIS is by default configured to reject attempts to doubly-encode a URL, which commonly represent an attempt to execute a canonicalization attack.

Workaround:

1) Applications that require the use of the “+” character in the URL path can disable this validation by setting the allowDoubleEscaping attribute in thesystem.webServer/security/requestFiltering configuration section in the application’s web.config. However, this may make your application more vulnerable to malicious URLs:

As it says, I wouldn't use this for an externally facing site as it can make it less secure, but mine is for internal use only.

Posted by at No comments:
Labels: , , ,

Friday, 15 January 2010

FIXED: DNS resolution in Windows 7 when connected to a Linux-based PPTP server

Right, I racked my brains over this one for the past few days unable to working why when I was connecting to the Linux-based PPTP (pptpd) server I put together in the office I couldn't resolve any hostnames without using the FQDN (Fully Qualified Domain Name).

I read various posts on many sites with people having the same problem in Windows XP or Vista and a registry fix which was even suggested by Microsoft to solve the problem, alas though I'm using Windows 7 and this didn't work.

After much chin-rubbing and head scratching I found the answer!

Go into your VPN's connection properties and into the Networking tab. Go into the properties for IPv4 and click on Advanced. Go into the DNS tab and enter your DNS suffix in the box near the bottom labelled 'DNS suffix for this connection'.

The next time you connect you should find you can now ping/access hosts using just the standard hostname.
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)