Is there a configuration on IIS to avoid showing "A potentially dangerous Request.Path value was detected from the client (:)."

Question

I also searched the exception message on StackOverflow and the returned answers were not my cases.

Let's see my cases.

I access to a direct URL which ":." (without quotes) symbols are appened to my web application name: http://localhost/mywebapp:.
Access to *.aspx pages appended ":." symbols and the URL does not include the web application name http://localhost/Default.aspx:.

In this cases, the exception occurs before entering my web application. (I did debug my web application at Application_Start, Application_Error and the debugger did not hit to it)

So, guys, is there any configuration that I can apply for IIS server to avoid this exception. I don't want to show the yellow exception page like this to the end users. I want to show a general message instead of it.

[Update 1]

Here is my configuration in web.config

<httpRuntime  requestPathInvalidCharacters="" maxRequestLength="1024000" requestLengthDiskThreshold="8192" enableVersionHeader="false" executionTimeout="110" targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder" requestValidationMode="2.0" />

<pages enableEventValidation="false" validateRequest="false" controlRenderingCompatibilityVersion="4.5" clientIDMode="AutoID" viewStateEncryptionMode="Never" enableViewStateMac="True">

@VDWWD: I have tried adding as your link, but it does not work in my cases — NoName, Nov 01 '17 at 09:41

Is there a configuration on IIS to avoid showing "A potentially dangerous Request.Path value was detected from the client (:)."

0 Answers0