问题
External clients are hitting my Azure website with urls that contain the colon (:) character. The request are not valid, but on my old IIS server it would give a 404 error. On Azure, the same URL will give a 500 error. This wastes my time, as I have to check the logs. This is an example of a request:
http://www.example.com/http:/www.example.com
Is there any way of avoiding this behaviour on the server side, and give 4xx error instead? Keep in mind, this problem is on Azure only, and I do not control the requests.
回答1:
If you are running a .NET application, then this is caused by ASP.NET HTTP runtime, more specifically by its request filtering feature.
If the URL path contains any of the disallowed characters (<,>,*,%,&,:,\\,?), the runtime throws the exception and because of the exception the IIS returns error code 500.
System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (:).
You can configure disallowed characters in your web.config file.
<system.web>
<httpRuntime targetFramework="4.5" requestPathInvalidCharacters="*,%" />
</system.web>
But i would be careful, because there might be some security implications of such change.
回答2:
Using the KUDU Console in Azure add the file applicationhost.xdt to D:\home\site.
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document- Transform">
<system.applicationHost>
<sites>
<site name="%XDT_SITENAME%" xdt:Locator="Match(name)">
<virtualDirectoryDefaults xdt:Transform="Insert" allowSubDirConfig="false" />
</site>
</sites>
This does the job, but has an unfortunate side effect, in that any web.config in any application subdirectory was ignored. For our side, this had the effect of not loading any static files which meant the site did not work properly.
This will work fine for any site having a single web.config at root level.
来源:https://stackoverflow.com/questions/34197132/azure-websites-throw-500-error-when-there-is-a-colon-in-the-url