ASP.NET web application running on localhost (IIS Express), returns HTTP 500 error in response to the query with 3 colons (":"). If query string contains at least one colon, expected that app will return HTTP 400 Bad Request, however it returns error below:
500.19 - Internal Server Error
Module: IIS Web Core
Notification: BeginRequest
Handler: Not yet determined
Error Code: 0x80070459
Config Error: Cannot read configuration file
What's interesting, 500 error returns only for very specific URL (first row in table below):
<table border="1">
<tr>
<th>URL sent</th>
<th>URL human-readable</th>
<th>Server Response</th>
<th>Remarks</th>
</tr>
<tr>
<td>/items/01%3A34%3A%EC%B9%B4%3A%EC%97%85</td>
<td>/items/01:34:카:업</td>
<td><span style="color: red">500 - that is a bug;</span> should be HTTP 400 because there are colons in URL segment</td>
<td>3 colons + Unicode characters</td>
</tr>
<tr>
<td>/items/0134%3A%EC%B9%B4%3A%EC%97%85</td>
<td>/items/0134:카:업</td>
<td><span style="color: green">400 – Bad Request;</span> That is expected because URL segment contains colon</td>
<td>2 colons</td>
</tr>
<tr>
<td>/items/01%3A34%3A%EC%B9%B4%EC%97%85</td>
<td>/items/01:34:카업</td>
<td><span style="color: green">400 – Bad Request;</span></td>
<td>2 colons</td>
</tr>
<tr>
<td>/items/01%3A34%3Aa%3Ab</td>
<td>/items/01:34:a:b</td>
<td><span style="color: green">400 – Bad Request;</span></td>
<td>Unicode characters replaced by ASCII</td>
</tr>
<tr>
<td>/items/01%3A34%3A%EC%B9%B4%3A%EC%97%85%3A</td>
<td>/items/01:34:카:업:</td>
<td><span style="color: green">400 – Bad Request;</span></td>
<td><span style="color: red">The same URL as first one;</span> added extra colon at the end</td>
</tr>
<tr>
<td>/items/01:34:카:업</td>
<td> </td>
<td><span style="color: green">400 – Bad Request;</span></td>
<td><span style="color: red">The same URL as first one;</span> decoded</td>
</tr>
</table>
I have tried implementing HttpModule and HttpHandler to do some URL transformation there, but the code is not being called; seems that server returns error before entering application code.
User contributions licensed under CC BY-SA 3.0