Re: URLScan and Server Variables - ASP.NET

KarthikR79_at_gmail.com
Date: 11/08/05 

Date: 7 Nov 2005 17:31:47 -0800

David,

I was confirming that it is not a log produced by HTML page - where due
to some strange reason - Server side tags was added! :-)

> Having a HTML page with this server side variable to check how it
> is logged. URL Scan logs it as:

> Client at 127.0.0.1: URL contains sequence '%',
> which is disallowed. Request will be rejected. Site Instance='1', Raw
> URL='/<%=mapPath%>/img/icons/logo.gif'

> Note that "/VirDir/SubDir" is missing here as opposed to same kind
> of logging ASP.NET page with Server Variables.

That is expected and by design. HTML page would not have any
processing, so
the URL should be as-is, and that is exactly what the browser requested
and
URLScan denied. Nothing looks wrong here other.

But I'm not certain what you are trying to prove with this because it
doesn't prove anything.

David Wang [Msft] wrote:
> > Having a HTML page with this server side variable to check how it
> > is logged. URL Scan logs it as:
> >
> > Client at 127.0.0.1: URL contains sequence '%',
> > which is disallowed. Request will be rejected. Site Instance='1', Raw
> > URL='/<%=mapPath%>/img/icons/logo.gif'
> >
> > Note that "/VirDir/SubDir" is missing here as opposed to same kind
> > of logging ASP.NET page with Server Variables.
>
> That is expected and by design. HTML page would not have any processing, so
> the URL should be as-is, and that is exactly what the browser requested and
> URLScan denied. Nothing looks wrong here other.
>
> But I'm not certain what you are trying to prove with this because it
> doesn't prove anything.
>
>
> > I am not sure when IIS will stop processing ASP.NET as ASP.NET
> > and throw server side code to client!!! Is this due to load? Can I
> > track this using IIS Logs?
>
> I doubt load has anything to do with it, and I doubt IIS logs will help --
> log file is meant to track results of request processing (this is what
> people want in log files), not debug tracing of request execution and what
> steps were taken (this is what people want when they are trying to
> troubleshoot server-behavior).
>
> It seems that somewhere in there, ASP.Net fails to correctly process the
> page. That would have nothing to do with IIS nor URLScan -- you should be
> able to reproduce your situation WITHOUT URLScan running (since the
> unprocessed IMG tag will result in the same 404 that URLScan will send -- so
> from browser perspective, the two behaviors are the same).
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> <KarthikR79@gmail.com> wrote in message
> news:1130958350.018139.301430@f14g2000cwb.googlegroups.com...
> Hi David,
>
> Yeah - I see what you mean.
>
> I tried:
>
> Having a HTML page with this server side variable to check how it is
> logged. URL Scan logs it as:
>
> Client at 127.0.0.1: URL contains sequence '%',
> which is disallowed. Request will be rejected. Site Instance='1', Raw
> URL='/<%=mapPath%>/img/icons/logo.gif'
>
> Note that "/VirDir/SubDir" is missing here as opposed to same kind of
> logging ASP.NET page with Server Variables.
>
> I also have IISLockdown installed which maps HTML files to 404.dll but
> ASPX is mapped very much to aspnet_isapi.dll.
>
> I also got same kind of logging from a box which does not have Visual
> studio .NET in it - so that rules out VS.NET doing some trick while
> running via VS.NET
>
> Iam not sure when IIS will stop processing ASP.NET as ASP.NET and throw
> server side code to client!!! Is this due to load? Can I track this
> using IIS Logs?

Relevant Pages

  • Re: BackgroundWorker and showing a panel.
    ... The HTTP request is made, the server ... Much less somehow manipulating that HTML to now be something ... Protected Sub Button1_Click(ByVal sender As Object, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: URLScan and Server Variables - ASP.NET
    ... Request will be rejected. ... > of logging ASP.NET page with Server Variables. ... HTML page would not have any processing, ... > track this using IIS Logs? ...
    (microsoft.public.inetserver.iis.security)
  • Re: Page Cannot Be Displayed Errors
    ... not IIS, but something else. ... >>> directly on the web server, ... >>>>> I have done some additional checking in the logs. ... >>>>> either the request isn't even getting to IIS at this point, ...
    (microsoft.public.inetserver.iis)
  • Re: what happen when i request an ASP file???
    ... When a browser makes a request for page1.asp, ... code in can be interpreted, mixed with the HTML elements, to generate ... CSS is rendered by the client after it sees all the HTML ... Include file is simply a concatenation process by ASP on the server. ...
    (microsoft.public.inetserver.misc)
  • Re: Get and Post
    ... > Can anyone tell me what is the difference between Get and Post in HTML? ... as a browser) sends an HTTP request containing only an HTTP header. ... a GET request fetches some information from the server but doesn't ...
    (comp.programming)