404.11 on "A Test Post"

IIS 7 on Windows 2008 R2 with PHP 5.3.3 via FastCGI, yii-1.1.7.r3135

URL: https://domain.com:443/blog/index.php/post/2/A+Test+Post#comments


HTTP Error 404.11 - Not Found

The request filtering module is configured to deny a request that contains a double escape sequence.

I got this error every time I click on any link in Yii that has a space in them.

Has anyone come across this issue?


That error only occur when I enable pretty URL like below.








I haven’t used IIS in 10 years…

But I think you need to set up a rewrite module:


You say the problem only happens for links that have a space in them - forgive me if I’m stating the obvious, but you do know that a url cannot contain spaces don’t you?

If you want to use phrases as part of a url, you should CHtml::encode them, and when you get them as a parameter in your action, decode them to get the original phrase (CHtml::decode will be available in Yii 1.1.8, but for now you’ll have to use htmlspecialchars_decode($text,ENT_QUOTES)).

I do have rewrite module install but there is no .htaccess in the "demo blog" so I would assume it does not require rewrite rule to be configure. Is that not correct?

Yes, the URL does not contain any "space" instead it has "+" in place of "space" but that is the same for using or not using URL manager but I think it is the issue with URL manager that produces an URL that contain "double escape sequence" that causes the security feature in IIS 7 to stop the code. The specific security feature that stop this double escape sequence is "allowDoubleEscaping" setting.

I tried to set "allowDoubleEscaping" to get around the issue but it only work for "localhost" but not for a full domain URL and plus it is not a good idea to disable security feature any way.

Any more idea?


Seems this is IIS problem… so maybe you would need to ask some good IIS administrator about this…

check this article for an explanation why this feature is enabled - http://blogs.iis.net/thomad/archive/2007/12/17/iis7-rejecting-urls-containing.aspx

if you decide to turn off this feature (I don’t see other options) here is how - http://support.microsoft.com/kb/942076/

I did try that already and I know it works but the "+" is in the URL regardless of using URLManager or not. So the "+" in the URL is not the cause of the issue but rather, I think, is URLManager creating a URL that cause IIS to think it has violated the [color=#1C2837][size=2]"allowDoubleEscaping" security restriction.[/size][/color]

check this article - http://www.w3schools.com/TAGS/ref_urlencode.asp

The "+" work fine when URLmanager is not enable.

This is case "space" or "+" is not the issue but URLManager produce a URL that cause IIS to choke.

It is…

The problem is that IIS7 rejects URLs with +… read the first link I gave you above… it say

Why not just replace spaces with dashes?

Most slugs are dashed…

That is what I thought at first but when I was able to click on the same link without URLManger enable and IIS did not redirect to 404 so that tell me that in this case "+" is not the issue.