Jan 16, 2009 09:08 PM|RickNZ|LINK
Hmm. Interesting problem. I don't have an answer for you, but here's a little info that might help.
Ampersands in URLs work fine in Cassini, so I don't think the filtering is happening at the ASP.NET level.
http.sys rejects requests that contain certain characters, although I don't think ampersand is among them. See the following page for instructions on how to disable that check using the AllowRestrictedChars registry setting:
If you're running IIS 7, you might try turning off Modules to see if you can find one that's the culprit.