Windows LiveWindows Live
 
 
J.C.'s profileJ.C.'s spaceBlogNetwork Tools Help

Blog
    April 29

    Delta CRL is present, but not downloadable is IIS 7.0. When navigating to the URL an "HTTP Error 404.11 – URL_DOUBLE_ESCAPED" error occurs.

    While looking at PKIView for a newly installed CA, I noticed that the delta crl (CAName+.crl) was "Unable to download", despite the file being present in the CDP virtual directory file location. When I copied the URL and browsed to the location, I received an HTTP Error 404.11 -- URL Double Escape error.
     
    This is apparently a new security feature under IIS 7.0 that denies double escape characters in the URL. Not sure what "escape characters" are, but I presume that a space and then the + sign were the characters in my URL.
     
    Fortunately the Error page gave some insight about changing the application.config or web.config file. A quick search on Google led me to a Microsoft KB article that helped to point me in the right direction: Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 404.11 – URL_DOUBLE_ESCAPED"
     
    This article instructs you to change the application.config file by modifying the allowDoubleEscaping property to True. In looking at the application.config file there was a section for each of the virtual directories under the website, except for the CDP virtual directory. All of those sections had their allowDoubleEscaping attribute set to true, so I had code examples to build the xml for the missing section. I did notice however that the CDP file location did have a web.config file, which had a sparse section of xml code specifically for the CDP virtual directory. And this the web.config file is what I actually modified to fix the 404.11 error.
     
    I added a security section under configuration/system.webserver.
             <security>
                    <requestFiltering allowDoubleEscaping="true" />
            </security>
     
    Original File:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <directoryBrowse enabled="true" />
        </system.webServer>
    </configuration>
     
    Modified file:
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <directoryBrowse enabled="true" />
             <security>
                    <requestFiltering allowDoubleEscaping="true" />
            </security>
        </system.webServer>
    </configuration>
     
    This fixed the issue!
    1:25 PM | Blog it | PKI

    Comments

    Please wait...
    Sorry, the comment you entered is too long. Please shorten it.
    You didn't enter anything. Please try again.
    Sorry, we can't add your comment right now. Please try again later.
    To add a comment, you need permission from your parent. Ask for permission
    Your parent has turned off comments.
    Sorry, we can't delete your comment right now. Please try again later.
    You've exceeded the maximum number of comments that can be left in one day. Please try again in 24 hours.
    Your account has had the ability to leave comments disabled because our systems indicate that you may be spamming other users. If you believe that your account has been disabled in error please contact Windows Live support.
    Complete the security check below to finish leaving your comment.
    The characters you type in the security check must match the characters in the picture or audio.

    To add a comment, sign in with your Windows Live ID (if you use Hotmail, Messenger, or Xbox LIVE, you have a Windows Live ID). Sign in


    Don't have a Windows Live ID? Sign up

    Trackbacks

    The trackback URL for this entry is:
    http://jcwarnerii.spaces.live.com/blog/cns!DAFBEF02F4CD141!175.trak
    Weblogs that reference this entry
    • None