Hi Folks,
We recently upgraded our web server from IIS 6 to IIS 7.x
The issue we are facing now is "HTTP Error 404.11 - Not Found"
I realized that it's a double escape sequence issue (some of our URLs are like "Company_Network+_Exam.jpg").
To fix this, we add this line in web.config:
<requestFiltering allowDoubleEscaping="true"/>
But it's like we are killing default security. And we are kind of opening up a security hole here.
Could anyone please guide us how to deal with this issue so that it does not degrade atleast default security settings?
I mean what's the best and ideal way to fix this issue?
Your help is highly appreciated. Thanks.