I have an Asp.Net Web Api application which takes ip address as input and return the country of that respective ip.
when I pass the below url
http://localhost:portno/xx.xx.xx.xx
it throws Error 404
can any one tell me why?
Short hacky answer: Add a trailing forward slash. IIS thinks it's a file at the end of hte URL.
Longer, more elegant answer: Check out these links for cleaner fixes that require more work:
ApiController returns 404 when ID contains period
Dots in URL causes 404 with ASP.NET mvc and IIS
Related
We got the following problem:
I am currently developing a web server implementing a specific API. The association behind that API provided specific test cases I'm using to test my implementation.
One of the test cases is:
5.3.2.12 Robustness, large resource ID
This test confirms correct error handling when sending a HTTP request with a very long location ID as URL parameter.
The url its calling looks something like this:
https://localhost:443/api/v2/functions/be13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005ebe13789-1f1e-47d0-8f8a-000000000005
Basically the tests checks, if my server responds with the correct error code if the URL is too long. (At the time of writing it is testing for Errorcode 405, but I already asked them if it shouldn't be 414)
I'm developing the server in Asp.Net 6 and it always returns Bad Request 400 in the testcase.
I don't seem to find a place to change the handling for this behaviour and I am not even sure, if I can, or if the IIS is blocking the request even before it reaches my server. I activated logging in IIS, but the request does not show in the logfile in inetpub/logs/LogFiles.
My question would be, if it is possible to tell IIS to return a different error code in this case, or if it is even possible to handle the error in my application.
What I tried:
Activating IIS Logs to see if the request is even passed to my site. (It did not)
Tried adding Filters to my Controller to see if I can catch an Exception
Checked, if Development Error Sites are called.
Breakpoints in existing middlewares are not reached.
EDIT:
I am now pretty sure now, that the request never reaches my application.
It is possible to reproduce the error by using the default site the IIS generates on windows. Just copy the whole path from above into a browser with the host http://localhost will also just produce the error 400
EDIT 2:
As #YurongDai pointed out, I tried activating failed request tracing for my IIS Site. I used the default path \logs\FailedReqLogFiles.
The folder was created, but no file is written, when I'm opening the URL above in my browser.
IIS Error 400 occurs when the server is unable to process a request sent to a web server. The most common cause of Bad Request error 400 is an invalid URL, but it can happen for other reasons as well. To resolve IIS Error 400, first make sure that you have entered the URL correctly, typos or disallowed characters in the URL are the most common causes of Bad Request errors. If the error persists after verifying the URL, please clear your browser's cache, DNS cache, and cookies and try again.
Clear your browser's cookies.
Clear your browser's cache.
Clear your DNS cache.(Execute the following command in the command prompt window: ipconfig /flushdns)
I have URLs stored in a database where the spaces are encoded as +.
When the browser requests these urls the web server returns a 404 response.
These URLs are all for static images stored on the web server in the wwwroot folder.
If I manually change the + for %20 then the image is returned correctly.
Is this a deliberate change in ASP.Net Core or is this a bug?
If it's deliberate, then it's going to be very painful for me going through the database and re-encoding all the URLs, many of which are embedded in HTML snippets (I know storing HTML in the DB or having spaces in image files aren't a good idea but it was done long before I joined the company and that's the state we're already in).
I'm using ASP.Net 2.1, running on .Net Framework.
It's running through IIS Express at the moment (during development) but will be deployed with full IIS.
I have seen this other question but it's specifically to do with API calls and the answer doesn't seem to be applicable to my question as there are no routes to change as I'm requesting static image files.
Edit: Extra detail
The html is output using #Html.Raw(html)
The resulting html output to the browser is of the form
<img src="/BorderThemes/grey+4px+rounded+corners_TL.png" />
The Html was generated on the server and then stored in the DB so we can be confident it's safe to output to the browser and, no, I have no idea why anyone would do that rather than building the HTML when it's needed but it was before my time and it's the situation I'm already in.
Update:
I've looked deeper into this and if I enter http://localhost:8000/BorderThemes/grey+4px+rounded+corners_TL.png into my web browser I get a page from IIS saying Http Error 404.11 saying that my URL is double encoded and linking to here for more information. This does include instructions on how to allow double-encoding but with warnings that it can have security consequences.
If I enter the url http://localhost:8000/BorderThemes/grey%204px%20rounded%20corners_TL.png I get an image back.
I was having issues with paths / html stored in the DB but after experimenting, it appears that System.Net.WebUtility.UrlEncode encodes spaces as +. For example WebUtility.UrlEncode("foo bar.png") returns foo+bar.png, which is rejected as double-encoded by IIS.
Am I missing something or is Microsoft's function for encoding URLs encoding the URLs in a way that Microsoft's web server rejects?
If you want %20 instead of + tryusing EscapeDataString to encode URI :
Uri.EscapeDataString(someString);
Refer https://stackoverflow.com/a/50682381/704008
But you have already generated url & can'e do anything now so try using HtmlDecode like
System.Net.WebUtility.HtmlDecode.HtmlDecode(html);
I am not sure it best to use with Raw or some method exists like decode in #Html but try using :
#Html.Raw(System.Net.WebUtility.HtmlDecode(html))
Refer:
https://learn.microsoft.com/en-us/dotnet/api/system.net.webutility?view=netstandard-2.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.webutility.urldecode?view=netstandard-2.0#System_Net_WebUtility_UrlDecode_System_String_
In the middle of developing a Web Api 2 REST service, we have discovered a routing problem. The endpoint is as follows:
.../{email}/...
The problem is that the email could contain special characters such as '+', which results in a 404 resource not found.
We would really like for the user of the service, to be able to specify the email in the URL. But since the email also legally can contain an '&', this can't just be moved to an URL parameter. How would we go about solving this?
Regards
Frederik
UrlEncodeUnicode and UrlDecode should be helpfull in your case.
No, encoding and deconding can only work if yyou're in control of the client and server operations. If otherwise, the best way is to call the endpoint as such
www.yourwebsite.com/api/account/create?email='{email with any characters}'
So I have a google shortened Url, and once I click on it and hit my controller, I want to be able to see what the original goo.gl url was before it got resolved. How on earth do I do this?
I've tried Request.UrlReferrer.AboluteUri and System.Web.HttpContext.Current.Request.Url.AbsoluteUri but neither seem to work. They all simply return the resolved absolute uri. Any help on this would be greatly appreciated.
Here's an example of the shortened URL - http://goo.gl/WSrJ6
This would then take the user (in testing at least) to localhost:81/college/events/details/23
So basically, when I hit the Details Controller, how do I get the original shortened url back?
Ok, this feels like more of a workaround but...
I don't see any way to resolve the shortened url from the goog.gl service. However, you could send a web request to goog.gl that only uses the HEAD HTTP verb using the shortened url.
Then, in the response to the HEAD request, the location header will be the original url (because it will send back a redirect request 301).
You can check out the response by using this tool. Put in your shortened url and then choose the HEAD verb before posting.
https://developers.google.com/url-shortener/v1/getting_started
You do a get request with the following url and you get a Json with the long url
https://www.googleapis.com/urlshortener/v1/url?shortUrl=http://goo.gl/WSrJ6
Any normally configured browser sends the header HTTP_REFERER.
Doesn't a simple Request.UrlReferrer work? Or, something like HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] or ServerVariables["HTTP_REFERER"]?
That, depending on where you are coding, but the point is to grab the header from the request.
HTTP_REFERER should always contain the previous (referer) url. I don't see why you're getting the resolved url there, unless it's a second redirection (e.g. your shortener pointed to http://server.com and your web server is configured to redirect missing www to http://www.server.com).
HTH
Francisco
I am trying to diagnose a problem that a client site has come across. Basically when you do an address search on their website you can specify a % symbol for wildcard searches. For example you can search for Be% to return Belfast etc.
This queries the database and then redirects you to the results page, passing the search criteria in the querystring for example results.aspx?criteria=Search%20criteria%20is%20Be%
This caused problems if you searched for something like %Belf as %Be is a reserved character in URL encoding. I therefore coded it to replace % with %25 (URL encoding representation of % symbol). This works fine on my test machine, where the URL is now results.aspx?criteria=Search%20Criteria%20is%20%25Be .
This however doesn't work on our clients website for some reason and I can't work out why. The page keeps error-ing with:
Error Code: 500 Internal Server Error. The request was rejected by the
HTTP filter. Contact the server administrator. (12217)
any time you search for something like %Be %Fa %Fe etc etc
Does anyone know if there is an IIS setting for this or something similar?
You might have URLScan installed on your server. URLScan intercepts requests and reject them if it detects invalid characters. It is meant to protect your website from malicious attacks and SQL injection. If you don't configure it correctly then it will reject perfectly reasonable requests. Take a look at the ISAPI filters on your website and see if URLScan is there.
Could this solve your problems? It is written by Zubair Alexander at http://blog.techgalaxy.net/archives/2521