WebApp Sec mailing list archives

RE: Double Slashes

From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Fri, 5 Aug 2005 09:28:00 -0400

This IIS has no URLScan running. That's the odd thing. Therefore I think it 
may have been a patch or something.

What I need is a way that the server doesn't strip my slashes and let me 
send an url like this "www.example.com/dir//page.asp".


The second slash is stripped by IIS itself as part of the normalization
process. You will not be able to change this behavior. You have two options:
1. Change this silly application that relies on the extra slash (the preffered solution).
2. Create a hack to get the URI before IIS normalizes it... writing an ISAPI filter
   or some similar... 

Kyle

Current thread:

Double Slashes Andres Molinetti (Aug 04)
- <Possible follow-ups>
- RE: Double Slashes Jeff Robertson (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
  - RE: Double Slashes Andres Molinetti (Aug 04)
- RE: Double Slashes Jeff Robertson (Aug 04)
  - RE: Double Slashes Andres Molinetti (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
- RE: Double Slashes Auri Rahimzadeh (Aug 04)
- Re: Double Slashes Steven M. Christey (Aug 04)
- RE: Double Slashes Kyle Quest (Aug 05)