Http Error 400 Bad Request. Asp.net
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up ASP.Net: HTTP 400 Bad Request error when trying to process http://localhost:5957/http://yahoo.com up vote 4 down vote favorite I'm trying to create something similar to the diggbar : http://digg.com/http://cnn.com I'm using Visual Studio 2010 and Asp Development server. However, I can't get the ASP dev server to handle the request because it contains "http:" in the path. I've tried to create an HTTPModule to rewrite the URL in the BeginRequest , but the event handler doesn't get called when the url is http://localhost:5957/http://yahoo.com. The event handler does get called if the url is http://localhost:5957/http/yahoo.com To summarize http://localhost:5957/http/yahoo.com works http://localhost:5957/http//yahoo.com does not work http://localhost:5957/http://yahoo.com does not work http://localhost:5957/http:/yahoo.com does not work Any ideas? asp.net http url-rewriting url-routing share|improve this question edited Jun 4 '09 at 15:01 Spencer Ruport 28.6k666116 asked Jun 4 '09 at 3:20 mat3 141115 6 How about marking an answer? –Scott Hanselman Apr 25 '11 at 20:20 add a comment| 12 Answers 12 active oldest votes up vote 12 down vote I've written an article with Stefan's help that explains how to do this: Experiments in Wackiness: Allowing percents, angle-brackets, and other naughty things in the ASP.NET/IIS Request URL share|improve this answer answered Jun 9 '10 at 21:56 Scott Hanselman 15.4k56586 add a comment| up vote 7 down
LaingJanuary 29, 20095 0 0 0 After sending an HTTP request to an IIS server, an HTTP client (such as Internet Explorer) may display the following type of error message in the browser window: If Internet Explorer’s Friendly HTTP Error Messages option is turned off, the error may resemble the following: In these scenarios, IIS has rejected the client’s HTTP request because it did not meet the server’s parsing rules, or http://stackoverflow.com/questions/948428/asp-net-http-400-bad-request-error-when-trying-to-process-http-localhost5957 it exceeded time limits, or failed some other rule that IIS requires incoming requests to adhere to. IIS sends the HTTP 400 – Bad Request status back to the client, and then terminates the TCP connection. Troubleshooting When troubleshooting an HTTP 400 condition, it is important to remember that the underlying problem is that the client has sent a request https://blogs.msdn.microsoft.com/webtopics/2009/01/29/how-to-troubleshoot-http-400-errors/ to IIS that breaks one or more rules that HTTP.sys is enforcing. With that in mind, you will want to see exactly what the client is sending to IIS; to do this, capture a network trace of the client sending the bad request. You can analyze the trace to see the raw data that the client sends to IIS, and to see the raw response data that IIS sends back to the client. You can also use an HTTP sniffer tool called Fiddler; this is a great tool as it allows you to see the HTTP headers even if the client and server are communicating over SSL. The next data item you will want to use is the httperr.log file. Beginning in IIS 6.0, the HTTP.sys component handles incoming HTTP requests before they are passed along to IIS, and is the component responsible for blocking requests that don’t meet the IIS requirements. When HTTP.sys blocks the request, it will log information to its httperr.log file concerning the bad request. NOTE: For more information on the HTTP API error logging that HTTP.sys provides,
returning a Bad Request error. On initial inspection, I was unable to reproduce the issue. After talking to our product manager, I learned that he was https://lostechies.com/joshuaflanagan/2009/04/28/asp-net-400-bad-request-with-restricted-characters/ trying to seed the search with the text “% %”. We have a quick search text box that lets you enter your criteria, and it has some built in rules about which fields it applies the criteria to. If you need more control over the criteria, you can enable the advanced search, and your quick search criteria will automatically be populated in the advanced search page. The http error way we were doing that was by passing the criteria in the URL, as in: http://localhost/dovetailcrm/contacts/query/yourbasiccriteria. To seed the advanced search for “% %’, it would load http://localhost/dovetailcrm/contacts/query/%25%20%25 (% URI encodes as %25, space encodes as %20) We were properly encoding the request, so what the problem? Attempting to load that URL would cause the error: 400 Bad Request ASP.NET detected invalid characters in the URL. Proceed at http error 400 your own risk My first instinct was to suspect URLScan, or the IIS 7.0 equivalent. After a bit of googling, it became apparent that ASP.NET really didn’t like it when you tried to pass a %, &, *, or : in the URL. The various fixes were scattered around different forum posts, but summed up nicely at Dirk.Net. Unfortunately, the only answer seemed to be “make a registry change” or “don’t pass those characters in your URL”. That didn’t sit well with me – it didn’t seem right that there was no way to pass those characters in the URL without having to change your server configuration which could potentially expose your site to security risks. Just because you can, doesn’t mean you should After a little bit of experimentation, I discovered that you certainly CAN pass those characters in a URL: they just have to be passed in the query string (the part after the question mark). It suddenly started to make sense why there was not a whole lot of information on this error, and why the little information that was available seemed to be related to ASP.NET MVC. Up until ASP.NET MVC (or more accurately, System.Web.Routing),