In the ASP.net web application that I am working on, there is a link like below
<a href="search.aspx?orig_q=source:%22INFCE/DEP./WG--8/48%22">INFCE/DEP./WG--8/48</a>
When I click on the link, it gives a File not found (404) error. I did a bit of research and believe that it is the presence of "./" (dot-slash) sequence in the link which is causing this error.
I tried encoding the link as below (though period is OK in a URL)
<a href="search.aspx?orig_q=source:%22INFCE%2FDEP%2E%2FWG--8%2F48%22">INFCE/DEP./WG--8/48</a>
But, it did not help. It still gives me the same error. Any ways to overcome this?
IIS 7.5 has rules to filter character sequences that appear in a querystring. The dot-slash was one of them, which is a potential security threat. It can be overcome by adding the below tag in the web.config under <security>
<requestFiltering>
<denyQueryStringSequences>
<remove sequence="./"/>
</denyQueryStringSequences>
</requestFiltering>