Last post Jul 05, 2011 10:55 AM by JoeReynolds
Oct 14, 2010 02:59 PM|mase|LINK
I've installed the patch and added the necessary entry to the UrlScan.ini to deny the ?aspxerrorpath= query string variable.
However, this has caused every error to cause a redirect loop because ?aspxerrorpath= is still being added to every error page that gets thrown.
How can I tell IIS to stop adding this query string to the error pages? It's causing the redirect loop ... consider this scenario:
I've run the check script that Scott Gu posted and my sites are configured correctly as far as custom error pages and not having separate error statuses go to different pages.
mvc2 security Application_Error
Oct 14, 2010 04:24 PM|mase|LINK
One way to fix this, I guess, is to add "aspxerrorpath=/Rejected-By-UrlScan" to the [AlwaysAllowedQueryStrings] header.
At least then it won't do the redirect loop. I thought maybe it would be better to just remove the automatic addition of ?aspxerrorpath= query string all together. I'm just not sure if this is possible.
Jul 05, 2011 10:55 AM|JoeReynolds|LINK
Mase, have you ever sorted all this out? I'm seeing the same issue.