Can I put a + sign in a folder with IIS?

问题

I'm pretty sure this can't be done, but I'm looking for a hack or way to put a + in a folder name, like

http://www.mysite.com/cats+dogs/Default.aspx

I'm using IIS 7, and have tried creating a virtual directory to achieve this, and it didn't work. I am not allowed to put %2B in the explorer folder or virtual folder name.

Any ideas how I could hack this to make it work? We've already had brochures printed up with a url on it, and wondering if there is some way I can alias it or some trick that might do it.

EDIT: I was able to figure this out, by creating a virtual folder with a + in it, then redirecting to a URL, which points to a virtual directory with the content.

回答1:

You may have some luck with doing a url-rewrite. This can be done very easily in the web.config or with an httpmodule.

Looks like you will still need to use a space or the IIS fix mentioned below for your + character issue, but for some flexibility in the future you can always include URL rewrites for mapping urls to files.

  <httpModules>
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  </httpModules>

  <rewriter>
    <rewrite url="~/cats dogs/Default.aspx" to="~/MyRealFile.aspx" />
  </rewriter>

回答2:

IIS 7.0 Breaking changes for ASP.NET 2.0 applications in Integrated Mode

Here's the relevant excerpt from the page, which shows the workaround/fix.

Request limits and URL processing The following changes result due to additional restrictions on how IIS processes incoming requests and their URLs.

11) Request URLs containing unencoded “+” characters in the path (not querystring) is rejected by default

You will receive HTTP Error 404.11 – Not Found: The request filtering module is configured to deny a request that contains a double escape sequence.

This error occurs because IIS is by default configured to reject attempts to doubly-encode a URL, which commonly represent an attempt to execute a canonicalization attack.

Workaround:

1) Applications that require the use of the “+” character in the URL path can disable this validation by setting the allowDoubleEscaping attribute in the system.webServer/security/requestFiltering configuration section in the application’s web.config. However, this may make your application more vulnerable to malicious URLs:

<system.webServer> 
    <security> 
            <requestFiltering allowDoubleEscaping="true" /> 
    </security> 
</system.webServer>

回答3:

Just put a space in the folder name: "cats dogs".

The space character is encoded using the plus character, so when the server sees the plus character, it will get the folder with the space in it.

来源：https://stackoverflow.com/questions/2014073/can-i-put-a-sign-in-a-folder-with-iis