Well resolved the port issue, which aside from the above was not actually a
port issues, it just manifested itself as one. Turns out that IIS-7, as a
default, has a request filtering security features turned on. Part of this
request filtering feature is to automatically deny "Double Escape Characters".
Many of the URLs in ITSM-7 use double escape characters such as the "+" sign.
You need to go to the MS kb article below, and follow the steps to allow double
escapes, and yup it does open up a security hole.
Request Filtering : The Official Microsoft IIS Site
| |
| | | | | | | |
| Request Filtering : The Official Microsoft IIS SiteRequest Filtering
<requestFiltering> Overview Compatibility Setup How To Configuration Sample
Code Overview |
| |
| View on www.iis.net | Preview by Yahoo |
| |
| |
On Friday, February 27, 2015 8:37 AM, Scott Hallenger <[email protected]>
wrote:
I hope someone here has some insight, because I'm at a loss...
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
