Can I put a + sign in a folder with IIS?

2019-07-21 19:02发布

站内问答 / 前端开发
1270 3 6

I'm pretty sure this can't be done, but I'm looking for a hack or way to put a + in a folder name, like

http://www.mysite.com/cats+dogs/Default.aspx

I'm using IIS 7, and have tried creating a virtual directory to achieve this, and it didn't work. I am not allowed to put %2B in the explorer folder or virtual folder name.

Any ideas how I could hack this to make it work? We've already had brochures printed up with a url on it, and wondering if there is some way I can alias it or some trick that might do it.

EDIT: I was able to figure this out, by creating a virtual folder with a + in it, then redirecting to a URL, which points to a virtual directory with the content.

3条回答
Viruses.
2楼-- · 2019-07-21 19:37

Just put a space in the folder name: "cats dogs".

The space character is encoded using the plus character, so when the server sees the plus character, it will get the folder with the space in it.

查看更多
0人赞 添加讨论(0) 举报
【Aperson】
3楼-- · 2019-07-21 19:38

IIS 7.0 Breaking changes for ASP.NET 2.0 applications in Integrated Mode

Here's the relevant excerpt from the page, which shows the workaround/fix.

Request limits and URL processing The following changes result due to additional restrictions on how IIS processes incoming requests and their URLs.

11) Request URLs containing unencoded “+” characters in the path (not querystring) is rejected by default

You will receive HTTP Error 404.11 – Not Found: The request filtering module is configured to deny a request that contains a double escape sequence.

This error occurs because IIS is by default configured to reject attempts to doubly-encode a URL, which commonly represent an attempt to execute a canonicalization attack.

Workaround:

1) Applications that require the use of the “+” character in the URL path can disable this validation by setting the allowDoubleEscaping attribute in the system.webServer/security/requestFiltering configuration section in the application’s web.config. However, this may make your application more vulnerable to malicious URLs: 

<system.webServer> 
    <security> 
            <requestFiltering allowDoubleEscaping="true" /> 
    </security> 
</system.webServer>
查看更多
0人赞 添加讨论(0) 举报
贼婆χ
4楼-- · 2019-07-21 19:52

You may have some luck with doing a url-rewrite. This can be done very easily in the web.config or with an httpmodule.

Looks like you will still need to use a space or the IIS fix mentioned below for your + character issue, but for some flexibility in the future you can always include URL rewrites for mapping urls to files.

  <httpModules>
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  </httpModules>

  <rewriter>
    <rewrite url="~/cats dogs/Default.aspx" to="~/MyRealFile.aspx" />
  </rewriter>
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)