We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 Server, and among the many annoyances and performance problems we've encountered with IIS6, I've noticed that URLs with hyphens now, inexplicably, display the hex code for the hyphen, %2D, in the address bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead of "http://www.blahblah.com/whats-up/." What the hell is going on, and how do I fix it (ie, the hyphen displays, not the hex code)? Getting rid of the hyphen is not an option, nor is using an underscore instead. (I try to avoid underscores in URLs -- when, on a Web page, such a URL is displayed formatted with the typical underline, the underscored blank space looks like just a blank space, and thus may be incorrectly rekeyed from memory with a blank space.)
news:825ecceb.0311231631.4dab9d67@posting.google.com... : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 : Server, and among the many annoyances and performance problems we've : encountered with IIS6, I've noticed that URLs with hyphens now, : inexplicably, display the hex code for the hyphen, %2D, in the address : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead : of "http://www.blahblah.com/whats-up/." What the hell is going on, and : how do I fix it (ie, the hyphen displays, not the hex code)? Getting : rid of the hyphen is not an option, nor is using an underscore : instead. (I try to avoid underscores in URLs -- when, on a Web page, : such a URL is displayed formatted with the typical underline, the : underscored blank space looks like just a blank space, and thus may be : incorrectly rekeyed from memory with a blank space.)
I don't know, Ken, I've experienced the same problem. Here's WFetch output, explicitly telling the browser to go to %2D:
started....Reusing existing connection (source port 4983)\nREQUEST: **************\nGET /enable-rd HTTP/1.1\r\n Host: www.visualwin.com\r\n Accept: */*\r\n \r\n RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n Content-Length: 160\r\n Content-Type: text/html\r\n Location: http://www.visualwin.com/enable%2Drd/\r\n Server: Microsoft-IIS/6.0\r\n Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n \r\n <head><title>Document Moved</title></head>\n<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished.
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
"Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message
> Have you put a trace on the HTTP traffic going back and forward?
> I suspect that this is an IE issue, not an IIS issue (IE is encoding the - > when it sends the initial request).
> Cheers > Ken
> "tzedekh" <tzede...@hotmail.com> wrote in message > news:825ecceb.0311231631.4dab9d67@posting.google.com... > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > : Server, and among the many annoyances and performance problems we've > : encountered with IIS6, I've noticed that URLs with hyphens now, > : inexplicably, display the hex code for the hyphen, %2D, in the address > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > : rid of the hyphen is not an option, nor is using an underscore > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > : such a URL is displayed formatted with the typical underline, the > : underscored blank space looks like just a blank space, and thus may be > : incorrectly rekeyed from memory with a blank space.)
I checked the HTTP spec, and - aren't in the reserved characters pool, so there should be no need to escape the "-" in the URL. Why would IIS6 take it apon itself to tell the client to issue a new request?!?
Cheers Ken
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... : I don't know, Ken, I've experienced the same problem. Here's WFetch output, : explicitly telling the browser to go to %2D: : : started....Reusing existing connection (source port 4983)\nREQUEST: : **************\nGET /enable-rd HTTP/1.1\r\n : Host: www.visualwin.com\r\n : Accept: */*\r\n : \r\n : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n : Content-Length: 160\r\n : Content-Type: text/html\r\n : Location: http://www.visualwin.com/enable%2Drd/\r\n : Server: Microsoft-IIS/6.0\r\n : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n : \r\n : <head><title>Document Moved</title></head>\n<body><h1>Object Moved</h1>This : document may be found <a : HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. : : -- : --Jonathan Maltz [Microsoft MVP - Windows Server] : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step : tutorial site :-) : Only reply by newsgroup. Any emails I have not authorized are deleted : before I see them. : : : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... : > Have you put a trace on the HTTP traffic going back and forward? : > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding the - : > when it sends the initial request). : > : > Cheers : > Ken : > : > "tzedekh" <tzede...@hotmail.com> wrote in message : > news:825ecceb.0311231631.4dab9d67@posting.google.com... : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 : > : Server, and among the many annoyances and performance problems we've : > : encountered with IIS6, I've noticed that URLs with hyphens now, : > : inexplicably, display the hex code for the hyphen, %2D, in the address : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and : > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting : > : rid of the hyphen is not an option, nor is using an underscore : > : instead. (I try to avoid underscores in URLs -- when, on a Web page, : > : such a URL is displayed formatted with the typical underline, the : > : underscored blank space looks like just a blank space, and thus may be : > : incorrectly rekeyed from memory with a blank space.) : > : > : :
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
"Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message
> I checked the HTTP spec, and - aren't in the reserved characters pool, so > there should be no need to escape the "-" in the URL. Why would IIS6 take it > apon itself to tell the client to issue a new request?!?
> Cheers > Ken
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > : I don't know, Ken, I've experienced the same problem. Here's WFetch > output, > : explicitly telling the browser to go to %2D: > : > : started....Reusing existing connection (source port 4983)\nREQUEST: > : **************\nGET /enable-rd HTTP/1.1\r\n > : Host: www.visualwin.com\r\n > : Accept: */*\r\n > : \r\n > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > : Content-Length: 160\r\n > : Content-Type: text/html\r\n > : Location: http://www.visualwin.com/enable%2Drd/\r\n > : Server: Microsoft-IIS/6.0\r\n > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > : \r\n > : <head><title>Document Moved</title></head>\n<body><h1>Object > Moved</h1>This > : document may be found <a > : HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > : > : -- > : --Jonathan Maltz [Microsoft MVP - Windows Server] > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > : tutorial site :-) > : Only reply by newsgroup. Any emails I have not authorized are deleted > : before I see them. > : > : > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > : > Have you put a trace on the HTTP traffic going back and forward? > : > > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding > the - > : > when it sends the initial request). > : > > : > Cheers > : > Ken > : > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > : > : Server, and among the many annoyances and performance problems we've > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > : > : inexplicably, display the hex code for the hyphen, %2D, in the address > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and > : > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > : > : rid of the hyphen is not an option, nor is using an underscore > : > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > : > : such a URL is displayed formatted with the typical underline, the > : > : underscored blank space looks like just a blank space, and thus may be > : > : incorrectly rekeyed from memory with a blank space.) > : > > : > > : > :
And of course, I hope they do fix it, but he said they won't in IIS 6 :-/
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
"Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message
> I checked the HTTP spec, and - aren't in the reserved characters pool, so > there should be no need to escape the "-" in the URL. Why would IIS6 take it > apon itself to tell the client to issue a new request?!?
> Cheers > Ken
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > : I don't know, Ken, I've experienced the same problem. Here's WFetch > output, > : explicitly telling the browser to go to %2D: > : > : started....Reusing existing connection (source port 4983)\nREQUEST: > : **************\nGET /enable-rd HTTP/1.1\r\n > : Host: www.visualwin.com\r\n > : Accept: */*\r\n > : \r\n > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > : Content-Length: 160\r\n > : Content-Type: text/html\r\n > : Location: http://www.visualwin.com/enable%2Drd/\r\n > : Server: Microsoft-IIS/6.0\r\n > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > : \r\n > : <head><title>Document Moved</title></head>\n<body><h1>Object > Moved</h1>This > : document may be found <a > : HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > : > : -- > : --Jonathan Maltz [Microsoft MVP - Windows Server] > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > : tutorial site :-) > : Only reply by newsgroup. Any emails I have not authorized are deleted > : before I see them. > : > : > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > : > Have you put a trace on the HTTP traffic going back and forward? > : > > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding > the - > : > when it sends the initial request). > : > > : > Cheers > : > Ken > : > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > : > : Server, and among the many annoyances and performance problems we've > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > : > : inexplicably, display the hex code for the hyphen, %2D, in the address > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and > : > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > : > : rid of the hyphen is not an option, nor is using an underscore > : > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > : > : such a URL is displayed formatted with the typical underline, the > : > : underscored blank space looks like just a blank space, and thus may be > : > : incorrectly rekeyed from memory with a blank space.) > : > > : > > : > :
OK - I agree that the encoding is not desirable there. However, when you request /directory the server does send back a 302 message indicating a request should be made for /directory/ -or- /directory/document.ext
However, I think it's a bit crazy for a request for:
/directory/document.ext
to be met with a 301 response telling the browser to send a further request (with one character encoded). Surely that can't be good for perceived responsiveness by the end user?
Cheers Ken
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message news:%23CpIcoksDHA.2432@TK2MSFTNGP10.phx.gbl... : To this, David Wang answers: : http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=ea%2... : : -- : --Jonathan Maltz [Microsoft MVP - Windows Server] : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step : tutorial site :-) : Only reply by newsgroup. Any emails I have not authorized are deleted : before I see them. : : : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message : news:eRq67YjsDHA.684@TK2MSFTNGP09.phx.gbl... : > Wow - that's kinda crazy if you ask me... : > : > I checked the HTTP spec, and - aren't in the reserved characters pool, so : > there should be no need to escape the "-" in the URL. Why would IIS6 take : it : > apon itself to tell the client to issue a new request?!? : > : > Cheers : > Ken : > : > : > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message : > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... : > : I don't know, Ken, I've experienced the same problem. Here's WFetch : > output, : > : explicitly telling the browser to go to %2D: : > : : > : started....Reusing existing connection (source port 4983)\nREQUEST: : > : **************\nGET /enable-rd HTTP/1.1\r\n : > : Host: www.visualwin.com\r\n : > : Accept: */*\r\n : > : \r\n : > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n : > : Content-Length: 160\r\n : > : Content-Type: text/html\r\n : > : Location: http://www.visualwin.com/enable%2Drd/\r\n : > : Server: Microsoft-IIS/6.0\r\n : > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n : > : \r\n : > : <head><title>Document Moved</title></head>\n<body><h1>Object : > Moved</h1>This : > : document may be found <a : > : HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. : > : : > : -- : > : --Jonathan Maltz [Microsoft MVP - Windows Server] : > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step : > : tutorial site :-) : > : Only reply by newsgroup. Any emails I have not authorized are deleted : > : before I see them. : > : : > : : > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message : > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... : > : > Have you put a trace on the HTTP traffic going back and forward? : > : > : > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding : > the - : > : > when it sends the initial request). : > : > : > : > Cheers : > : > Ken : > : > : > : > "tzedekh" <tzede...@hotmail.com> wrote in message : > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... : > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 : > : > : Server, and among the many annoyances and performance problems we've : > : > : encountered with IIS6, I've noticed that URLs with hyphens now, : > : > : inexplicably, display the hex code for the hyphen, %2D, in the : address : > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" : instead : > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, : and : > : > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting : > : > : rid of the hyphen is not an option, nor is using an underscore : > : > : instead. (I try to avoid underscores in URLs -- when, on a Web page, : > : > : such a URL is displayed formatted with the typical underline, the : > : > : underscored blank space looks like just a blank space, and thus may : be : > : > : incorrectly rekeyed from memory with a blank space.) : > : > : > : > : > : : > : : > : > : :
I know - makes some of my sub-pages' URLs look kind of ugly to the end user as well :-/ Not sure if it did this in IIS RC1...Oh well, best we can do is provide feedback - Microsoft reads this group and end user feedback is important
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
"Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message
> OK - I agree that the encoding is not desirable there. However, when you > request /directory the server does send back a 302 message indicating a > request should be made for /directory/ -or- /directory/document.ext
> However, I think it's a bit crazy for a request for:
> /directory/document.ext
> to be met with a 301 response telling the browser to send a further request > (with one character encoded). Surely that can't be good for perceived > responsiveness by the end user?
> : > : > : > : -- > : > : --Jonathan Maltz [Microsoft MVP - Windows Server] > : > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > : > : tutorial site :-) > : > : Only reply by newsgroup. Any emails I have not authorized are deleted > : > : before I see them. > : > : > : > : > : > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > : > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > : > : > Have you put a trace on the HTTP traffic going back and forward? > : > : > > : > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding > : > the - > : > : > when it sends the initial request). > : > : > > : > : > Cheers > : > : > Ken > : > : > > : > : > "tzedekh" <tzede...@hotmail.com> wrote in message > : > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > : > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on > 2003 > : > : > : Server, and among the many annoyances and performance problems > we've > : > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > : > : > : inexplicably, display the hex code for the hyphen, %2D, in the > : address > : > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" > : instead > : > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, > : and > : > : > : how do I fix it (ie, the hyphen displays, not the hex code)? > Getting > : > : > : rid of the hyphen is not an option, nor is using an underscore > : > : > : instead. (I try to avoid underscores in URLs -- when, on a Web > page, > : > : > : such a URL is displayed formatted with the typical underline, the > : > : > : underscored blank space looks like just a blank space, and thus > may > : be > : > : > : incorrectly rekeyed from memory with a blank space.) > : > : > > : > : > > : > : > : > : > : > > : > > : > :
I couldn't help but notice the URL below, so I tried it. In Mozilla 1.3 and IE 6.0.2 SP2 it works fine. (Hyphen works OK)
I looked up the code and it appears correct.
The original poster appears to come from Germany, so maybe a difference (bug?) in the language used on the OS is causing this problem? Is there a difference in the German version of windows for the hyphen? Is there a difference between the languages used on the server and client? (i.e. English Windows on the server and German Windows on the client)
It seems like this is indeed a client problem, which makes it harder to fix and less likely that the users will know to fix it or how if they knew there was an error.
> I don't know, Ken, I've experienced the same problem. Here's WFetch output, > explicitly telling the browser to go to %2D:
> started....Reusing existing connection (source port 4983)\nREQUEST: > **************\nGET /enable-rd HTTP/1.1\r\n > Host: www.visualwin.com\r\n > Accept: */*\r\n > \r\n > RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > Content-Length: 160\r\n > Content-Type: text/html\r\n > Location: http://www.visualwin.com/enable%2Drd/\r\n > Server: Microsoft-IIS/6.0\r\n > Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > \r\n > <head><title>Document Moved</title></head>\n<body><h1>Object Moved</h1>This > document may be found <a > HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished.
> -- > --Jonathan Maltz [Microsoft MVP - Windows Server] > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > tutorial site :-) > Only reply by newsgroup. Any emails I have not authorized are deleted > before I see them.
> "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > Have you put a trace on the HTTP traffic going back and forward?
> > I suspect that this is an IE issue, not an IIS issue (IE is encoding the - > > when it sends the initial request).
> > Cheers > > Ken
> > "tzedekh" <tzede...@hotmail.com> wrote in message > > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > > : Server, and among the many annoyances and performance problems we've > > : encountered with IIS6, I've noticed that URLs with hyphens now, > > : inexplicably, display the hex code for the hyphen, %2D, in the address > > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead > > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and > > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > > : rid of the hyphen is not an option, nor is using an underscore > > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > > : such a URL is displayed formatted with the typical underline, the > > : underscored blank space looks like just a blank space, and thus may be > > : incorrectly rekeyed from memory with a blank space.)
Perhaps Mozilla didn't update the address bar, but what I pasted was proof that IIS is telling the client to go to %2D instead of - (by issuing the HTTP/1.1 301 Moved Permanently)
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
"Sparky Polastri" <jafi...@MUNGEDyahoo.com> wrote in message
> I couldn't help but notice the URL below, so I tried it. In Mozilla 1.3 and > IE 6.0.2 SP2 it works fine. (Hyphen works OK)
> I looked up the code and it appears correct.
> The original poster appears to come from Germany, so maybe a difference > (bug?) in the language used on the OS is causing this problem? Is there a > difference in the German version of windows for the hyphen? Is there a > difference between the languages used on the server and client? (i.e. > English Windows on the server and German Windows on the client)
> It seems like this is indeed a client problem, which makes it harder to fix > and less likely that the users will know to fix it or how if they knew there > was an error.
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > > I don't know, Ken, I've experienced the same problem. Here's WFetch > output, > > explicitly telling the browser to go to %2D:
> > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Only reply by newsgroup. Any emails I have not authorized are deleted > > before I see them.
> > "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > > Have you put a trace on the HTTP traffic going back and forward?
> > > I suspect that this is an IE issue, not an IIS issue (IE is encoding > the - > > > when it sends the initial request).
> > > Cheers > > > Ken
> > > "tzedekh" <tzede...@hotmail.com> wrote in message > > > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > > > : Server, and among the many annoyances and performance problems we've > > > : encountered with IIS6, I've noticed that URLs with hyphens now, > > > : inexplicably, display the hex code for the hyphen, %2D, in the address > > > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead > > > : of "http://www.blahblah.com/whats-up/." What the hell is going on, and > > > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > > > : rid of the hyphen is not an option, nor is using an underscore > > > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > > > : such a URL is displayed formatted with the typical underline, the > > > : underscored blank space looks like just a blank space, and thus may be > > > : incorrectly rekeyed from memory with a blank space.)
I'm not positive, but off the top of my head, I suspect that this escaping is happening as a measure to prevent cross site scripting via redirect. The idea here is that it's probably common for code running on the server to issue redirects to locations based on data from the client. Because of the likelyhood of untrusted (ie. client) data in the redirect location, IIS will escape encode all redirects. This will prevent the client from running embedded script on the location header. If this character were a '<' or a '>', you would want it to be escaped.
I'll take a look at the escape logic. If we are encoding characters that we shouldn't be, then that's something I can consider as a bug for SP1.
> And of course, I hope they do fix it, but he said they won't in IIS 6 :-/
> -- > --Jonathan Maltz [Microsoft MVP - Windows Server] > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > tutorial site :-) > Only reply by newsgroup. Any emails I have not authorized are deleted > before I see them.
> > I checked the HTTP spec, and - aren't in the reserved characters pool, so > > there should be no need to escape the "-" in the URL. Why would IIS6 take > it > > apon itself to tell the client to issue a new request?!?
> > Cheers > > Ken
> > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > > : I don't know, Ken, I've experienced the same problem. Here's WFetch > > output, > > : explicitly telling the browser to go to %2D: > > : > > : started....Reusing existing connection (source port 4983)\nREQUEST: > > : **************\nGET /enable-rd HTTP/1.1\r\n > > : Host: www.visualwin.com\r\n > > : Accept: */*\r\n > > : \r\n > > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > > : Content-Length: 160\r\n > > : Content-Type: text/html\r\n > > : Location: http://www.visualwin.com/enable%2Drd/\r\n > > : Server: Microsoft-IIS/6.0\r\n > > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > > : \r\n > > : <head><title>Document Moved</title></head>\n<body><h1>Object > > Moved</h1>This > > : document may be found <a > > : HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > > : > > : -- > > : --Jonathan Maltz [Microsoft MVP - Windows Server] > > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > : tutorial site :-) > > : Only reply by newsgroup. Any emails I have not authorized are deleted > > : before I see them. > > : > > : > > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > : > Have you put a trace on the HTTP traffic going back and forward? > > : > > > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding > > the - > > : > when it sends the initial request). > > : > > > : > Cheers > > : > Ken > > : > > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003 > > : > : Server, and among the many annoyances and performance problems we've > > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > > : > : inexplicably, display the hex code for the hyphen, %2D, in the > address > > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" > instead > > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, > and > > : > : how do I fix it (ie, the hyphen displays, not the hex code)? Getting > > : > : rid of the hyphen is not an option, nor is using an underscore > > : > : instead. (I try to avoid underscores in URLs -- when, on a Web page, > > : > : such a URL is displayed formatted with the typical underline, the > > : > : underscored blank space looks like just a blank space, and thus may > be > > : > : incorrectly rekeyed from memory with a blank space.) > > : > > > : > > > : > > :
None the less, this still isn't desirable behavior, and instead of issuing an encoded redirect with a trailing slash, it shouldn't be encoded for URLs with dashes.
Thanks,
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
> I'm not positive, but off the top of my head, I suspect that this escaping > is happening as a measure to prevent cross site scripting via redirect. The > idea here is that it's probably common for code running on the server to > issue redirects to locations based on data from the client. Because of the > likelyhood of untrusted (ie. client) data in the redirect location, IIS will > escape encode all redirects. This will prevent the client from running > embedded script on the location header. If this character were a '<' or a > '>', you would want it to be escaped.
> I'll take a look at the escape logic. If we are encoding characters that we > shouldn't be, then that's something I can consider as a bug for SP1.
> Thank you, > -Wade A. Hilmo, > -Microsoft
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > And of course, I hope they do fix it, but he said they won't in IIS 6 :-/
> > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Only reply by newsgroup. Any emails I have not authorized are deleted > > before I see them.
> > > I checked the HTTP spec, and - aren't in the reserved characters pool, > so > > > there should be no need to escape the "-" in the URL. Why would IIS6 > take > > it > > > apon itself to tell the client to issue a new request?!?
> > > : > > > : -- > > > : --Jonathan Maltz [Microsoft MVP - Windows Server] > > > : http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > : tutorial site :-) > > > : Only reply by newsgroup. Any emails I have not authorized are deleted > > > : before I see them. > > > : > > > : > > > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > > : > Have you put a trace on the HTTP traffic going back and forward? > > > : > > > > : > I suspect that this is an IE issue, not an IIS issue (IE is encoding > > > the - > > > : > when it sends the initial request). > > > : > > > > : > Cheers > > > : > Ken > > > : > > > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > > > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on > 2003 > > > : > : Server, and among the many annoyances and performance problems > we've > > > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > > > : > : inexplicably, display the hex code for the hyphen, %2D, in the > > address > > > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" > > instead > > > : > : of "http://www.blahblah.com/whats-up/." What the hell is going on, > > and > > > : > : how do I fix it (ie, the hyphen displays, not the hex code)? > Getting > > > : > : rid of the hyphen is not an option, nor is using an underscore > > > : > : instead. (I try to avoid underscores in URLs -- when, on a Web > page, > > > : > : such a URL is displayed formatted with the typical underline, the > > > : > : underscored blank space looks like just a blank space, and thus > may > > be > > > : > : incorrectly rekeyed from memory with a blank space.) > > > : > > > > : > > > > : > > > :
The redirect you refer to is called a "courtesy redirect".
The URL below - without a trailing slash - is a specifically a request for a file called "host-header" in the home directory. Since there is no such file, and there is no other code running on the server (ie. an ISAPI) that recognizes the original URL, the original request should technically fail with a 404. If the below URL contained a trailing slash, it would be a different request. In that case, it would be a request for a directory listing in the "host-header" directory (although the server might choose to send a default document instead). Because it is very common for users to omit the trailing slash, IIS will issue response that will cause the client to reissue the request for a directory if the original URL cannot be served.
I am pretty sure that you would see the escaping of the '-' character if the IIS redirect code were hit any other way (ie. if an ISAPI used HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL containing a '-', etc.)
> None the less, this still isn't desirable behavior, and instead of issuing > an encoded redirect with a trailing slash, it shouldn't be encoded for URLs > with dashes.
> Thanks,
> -- > --Jonathan Maltz [Microsoft MVP - Windows Server] > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > tutorial site :-) > Only reply by newsgroup. Any emails I have not authorized are deleted > before I see them.
> > I'm not positive, but off the top of my head, I suspect that this escaping > > is happening as a measure to prevent cross site scripting via redirect. > The > > idea here is that it's probably common for code running on the server to > > issue redirects to locations based on data from the client. Because of > the > > likelyhood of untrusted (ie. client) data in the redirect location, IIS > will > > escape encode all redirects. This will prevent the client from running > > embedded script on the location header. If this character were a '<' or a > > '>', you would want it to be escaped.
> > I'll take a look at the escape logic. If we are encoding characters that > we > > shouldn't be, then that's something I can consider as a bug for SP1.
> > Thank you, > > -Wade A. Hilmo, > > -Microsoft
> > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > > And of course, I hope they do fix it, but he said they won't in IIS 6 > :-/
> > > -- > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > tutorial site :-) > > > Only reply by newsgroup. Any emails I have not authorized are deleted > > > before I see them.
> > > > I checked the HTTP spec, and - aren't in the reserved characters pool, > > so > > > > there should be no need to escape the "-" in the URL. Why would IIS6 > > take > > > it > > > > apon itself to tell the client to issue a new request?!?
> > > > Cheers > > > > Ken
> > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > > > > : I don't know, Ken, I've experienced the same problem. Here's WFetch > > > > output, > > > > : explicitly telling the browser to go to %2D: > > > > : > > > > : started....Reusing existing connection (source port 4983)\nREQUEST: > > > > : **************\nGET /enable-rd HTTP/1.1\r\n > > > > : Host: www.visualwin.com\r\n > > > > : Accept: */*\r\n > > > > : \r\n > > > > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > > > > : Content-Length: 160\r\n > > > > : Content-Type: text/html\r\n > > > > : Location: http://www.visualwin.com/enable%2Drd/\r\n > > > > : Server: Microsoft-IIS/6.0\r\n > > > > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > > > > : \r\n > > > > : <head><title>Document Moved</title></head>\n<body><h1>Object > > > > Moved</h1>This > > > > : document may be found <a > > > > : > HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > > > > : > > > > : -- > > > > : --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > : http://www.visualwin.com - A Windows Server 2003 visual, > step-by-step > > > > : tutorial site :-) > > > > : Only reply by newsgroup. Any emails I have not authorized are > deleted > > > > : before I see them. > > > > : > > > > : > > > > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > > > : > Have you put a trace on the HTTP traffic going back and forward? > > > > : > > > > > : > I suspect that this is an IE issue, not an IIS issue (IE is > encoding > > > > the - > > > > : > when it sends the initial request). > > > > : > > > > > : > Cheers > > > > : > Ken > > > > : > > > > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > > > > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > > > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 on > > 2003 > > > > : > : Server, and among the many annoyances and performance problems > > we've > > > > : > : encountered with IIS6, I've noticed that URLs with hyphens now, > > > > : > : inexplicably, display the hex code for the hyphen, %2D, in the > > > address > > > > : > : bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" > > > instead > > > > : > : of "http://www.blahblah.com/whats-up/." What the hell is going > on, > > > and > > > > : > : how do I fix it (ie, the hyphen displays, not the hex code)? > > Getting > > > > : > : rid of the hyphen is not an option, nor is using an underscore > > > > : > : instead. (I try to avoid underscores in URLs -- when, on a Web > > page, > > > > : > : such a URL is displayed formatted with the typical underline, > the > > > > : > : underscored blank space looks like just a blank space, and thus > > may > > > be > > > > : > : incorrectly rekeyed from memory with a blank space.) > > > > : > > > > > : > > > > > : > > > > :
OK, now it does make more sense. Are you suggesting that it would be more correct to link to directories with a trailing slash?
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
> The redirect you refer to is called a "courtesy redirect".
> The URL below - without a trailing slash - is a specifically a request for a > file called "host-header" in the home directory. Since there is no such > file, and there is no other code running on the server (ie. an ISAPI) that > recognizes the original URL, the original request should technically fail > with a 404. If the below URL contained a trailing slash, it would be a > different request. In that case, it would be a request for a directory > listing in the "host-header" directory (although the server might choose to > send a default document instead). Because it is very common for users to > omit the trailing slash, IIS will issue response that will cause the client > to reissue the request for a directory if the original URL cannot be served.
> I am pretty sure that you would see the escaping of the '-' character if the > IIS redirect code were hit any other way (ie. if an ISAPI used > HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL > containing a '-', etc.)
> > None the less, this still isn't desirable behavior, and instead of issuing > > an encoded redirect with a trailing slash, it shouldn't be encoded for > URLs > > with dashes.
> > Thanks,
> > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Only reply by newsgroup. Any emails I have not authorized are deleted > > before I see them.
> > > I'm not positive, but off the top of my head, I suspect that this > escaping > > > is happening as a measure to prevent cross site scripting via redirect. > > The > > > idea here is that it's probably common for code running on the server to > > > issue redirects to locations based on data from the client. Because of > > the > > > likelyhood of untrusted (ie. client) data in the redirect location, IIS > > will > > > escape encode all redirects. This will prevent the client from running > > > embedded script on the location header. If this character were a '<' or > a > > > '>', you would want it to be escaped.
> > > I'll take a look at the escape logic. If we are encoding characters > that > > we > > > shouldn't be, then that's something I can consider as a bug for SP1.
> > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > > > And of course, I hope they do fix it, but he said they won't in IIS 6 > > :-/
> > > > -- > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > > tutorial site :-) > > > > Only reply by newsgroup. Any emails I have not authorized are deleted > > > > before I see them.
> > > > "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > news:eRq67YjsDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > Wow - that's kinda crazy if you ask me...
> > > > > I checked the HTTP spec, and - aren't in the reserved characters > pool, > > > so > > > > > there should be no need to escape the "-" in the URL. Why would IIS6 > > > take > > > > it > > > > > apon itself to tell the client to issue a new request?!?
> > > > > Cheers > > > > > Ken
> > > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > > > > > : I don't know, Ken, I've experienced the same problem. Here's > WFetch > > > > > output, > > > > > : explicitly telling the browser to go to %2D: > > > > > : > > > > > : started....Reusing existing connection (source port > 4983)\nREQUEST: > > > > > : **************\nGET /enable-rd HTTP/1.1\r\n > > > > > : Host: www.visualwin.com\r\n > > > > > : Accept: */*\r\n > > > > > : \r\n > > > > > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > > > > > : Content-Length: 160\r\n > > > > > : Content-Type: text/html\r\n > > > > > : Location: http://www.visualwin.com/enable%2Drd/\r\n > > > > > : Server: Microsoft-IIS/6.0\r\n > > > > > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > > > > > : \r\n > > > > > : <head><title>Document Moved</title></head>\n<body><h1>Object > > > > > Moved</h1>This > > > > > : document may be found <a > > > > > : > > HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > > > > > : > > > > > : -- > > > > > : --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > > : http://www.visualwin.com - A Windows Server 2003 visual, > > step-by-step > > > > > : tutorial site :-) > > > > > : Only reply by newsgroup. Any emails I have not authorized are > > deleted > > > > > : before I see them. > > > > > : > > > > > : > > > > > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > : > Have you put a trace on the HTTP traffic going back and forward? > > > > > : > > > > > > : > I suspect that this is an IE issue, not an IIS issue (IE is > > encoding > > > > > the - > > > > > : > when it sends the initial request). > > > > > : > > > > > > : > Cheers > > > > > : > Ken > > > > > : > > > > > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > > > > > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > > > > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 > on > > > 2003 > > > > > : > : Server, and among the many annoyances and performance problems > > > we've > > > > > : > : encountered with IIS6, I've noticed that URLs with hyphens > now, > > > > > : > : inexplicably, display the hex code for the hyphen, %2D, in the > > > > address > > > > > : > : bar of a browser -- eg,
> > > > instead > > > > > : > : of "http://www.blahblah.com/whats-up/." What the hell is going > > on, > > > > and > > > > > : > : how do I fix it (ie, the hyphen displays, not the hex code)? > > > Getting > > > > > : > : rid of the hyphen is not an option, nor is using an underscore > > > > > : > : instead. (I try to avoid underscores in URLs -- when, on a Web > > > page, > > > > > : > : such a URL is displayed formatted with the typical underline, > > the > > > > > : > : underscored blank space looks like just a blank space, and > thus > > > may > > > > be > > > > > : > : incorrectly rekeyed from memory with a blank space.) > > > > > : > > > > > > : > > > > > > : > > > > > :
Yes. If you were to do that, it would save the round trip to do the redirection (and should also prevent the client updating the address line as a result of that redirection).
> OK, now it does make more sense. Are you suggesting that it would be more > correct to link to directories with a trailing slash?
> -- > --Jonathan Maltz [Microsoft MVP - Windows Server] > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > tutorial site :-) > Only reply by newsgroup. Any emails I have not authorized are deleted > before I see them.
> > The redirect you refer to is called a "courtesy redirect".
> > The URL below - without a trailing slash - is a specifically a request for > a > > file called "host-header" in the home directory. Since there is no such > > file, and there is no other code running on the server (ie. an ISAPI) that > > recognizes the original URL, the original request should technically fail > > with a 404. If the below URL contained a trailing slash, it would be a > > different request. In that case, it would be a request for a directory > > listing in the "host-header" directory (although the server might choose > to > > send a default document instead). Because it is very common for users to > > omit the trailing slash, IIS will issue response that will cause the > client > > to reissue the request for a directory if the original URL cannot be > served.
> > I am pretty sure that you would see the escaping of the '-' character if > the > > IIS redirect code were hit any other way (ie. if an ISAPI used > > HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL > > containing a '-', etc.)
> > > None the less, this still isn't desirable behavior, and instead of > issuing > > > an encoded redirect with a trailing slash, it shouldn't be encoded for > > URLs > > > with dashes.
> > > Thanks,
> > > -- > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > tutorial site :-) > > > Only reply by newsgroup. Any emails I have not authorized are deleted > > > before I see them.
> > > > I'm not positive, but off the top of my head, I suspect that this > > escaping > > > > is happening as a measure to prevent cross site scripting via > redirect. > > > The > > > > idea here is that it's probably common for code running on the server > to > > > > issue redirects to locations based on data from the client. Because > of > > > the > > > > likelyhood of untrusted (ie. client) data in the redirect location, > IIS > > > will > > > > escape encode all redirects. This will prevent the client from > running > > > > embedded script on the location header. If this character were a '<' > or > > a > > > > '>', you would want it to be escaped.
> > > > I'll take a look at the escape logic. If we are encoding characters > > that > > > we > > > > shouldn't be, then that's something I can consider as a bug for SP1.
> > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > > > > And of course, I hope they do fix it, but he said they won't in IIS > 6 > > > :-/
> > > > > -- > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > > http://www.visualwin.com - A Windows Server 2003 visual, > step-by-step > > > > > tutorial site :-) > > > > > Only reply by newsgroup. Any emails I have not authorized are > deleted > > > > > before I see them.
> > > > > "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > > news:eRq67YjsDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > > Wow - that's kinda crazy if you ask me...
> > > > > > I checked the HTTP spec, and - aren't in the reserved characters > > pool, > > > > so > > > > > > there should be no need to escape the "-" in the URL. Why would > IIS6 > > > > take > > > > > it > > > > > > apon itself to tell the client to issue a new request?!?
> > > > > > Cheers > > > > > > Ken
> > > > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > > > news:uFDFxLjsDHA.1888@TK2MSFTNGP10.phx.gbl... > > > > > > : I don't know, Ken, I've experienced the same problem. Here's > > WFetch > > > > > > output, > > > > > > : explicitly telling the browser to go to %2D: > > > > > > : > > > > > > : started....Reusing existing connection (source port > > 4983)\nREQUEST: > > > > > > : **************\nGET /enable-rd HTTP/1.1\r\n > > > > > > : Host: www.visualwin.com\r\n > > > > > > : Accept: */*\r\n > > > > > > : \r\n > > > > > > : RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n > > > > > > : Content-Length: 160\r\n > > > > > > : Content-Type: text/html\r\n > > > > > > : Location: http://www.visualwin.com/enable%2Drd/\r\n > > > > > > : Server: Microsoft-IIS/6.0\r\n > > > > > > : Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n > > > > > > : \r\n > > > > > > : <head><title>Document Moved</title></head>\n<body><h1>Object > > > > > > Moved</h1>This > > > > > > : document may be found <a > > > > > > : > > > HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished. > > > > > > : > > > > > > : -- > > > > > > : --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > > > : http://www.visualwin.com - A Windows Server 2003 visual, > > > step-by-step > > > > > > : tutorial site :-) > > > > > > : Only reply by newsgroup. Any emails I have not authorized are > > > deleted > > > > > > : before I see them. > > > > > > : > > > > > > : > > > > > > : "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > > > : news:utXcQnisDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > > : > Have you put a trace on the HTTP traffic going back and > forward? > > > > > > : > > > > > > > : > I suspect that this is an IE issue, not an IIS issue (IE is > > > encoding > > > > > > the - > > > > > > : > when it sends the initial request). > > > > > > : > > > > > > > : > Cheers > > > > > > : > Ken > > > > > > : > > > > > > > : > "tzedekh" <tzede...@hotmail.com> wrote in message > > > > > > : > news:825ecceb.0311231631.4dab9d67@posting.google.com... > > > > > > : > : We recently migrated our Web site from IIS5 on Win2K to IIS6 > > on > > > > 2003 > > > > > > : > : Server, and among the many annoyances and performance > problems > > > > we've > > > > > > : > : encountered with IIS6, I've noticed that URLs with hyphens > > now, > > > > > > : > : inexplicably, display the hex code for the hyphen, %2D, in > the > > > > > address > > > > > > : > : bar of a browser -- eg, > "http://www.blahblah.com/whats%2Dup/" > > > > > instead > > > > > > : > : of "http://www.blahblah.com/whats-up/." What the hell is > going > > > on, > > > > > and > > > > > > : > : how do I fix it (ie, the hyphen displays, not the hex code)? > > > > Getting > > > > > > : > : rid of the hyphen is not an option, nor is using an > underscore > > > > > > : > : instead. (I try to avoid underscores in URLs -- when, on a > Web > > > > page, > > > > > > : > : such a URL is displayed formatted with the typical > underline, > > > the > > > > > > : > : underscored blank space looks like just a blank space, and > > thus > > > > may > > > > > be > > > > > > : > : incorrectly rekeyed from memory with a blank space.) > > > > > > : > > > > > > > : > > > > > > > : > > > > > > :
Just a note - this also goes to linking the default document at a site, technically the link should be <a href="http://www.microsoft.com/">Microsoft.com</a>, note the trailing slash.
> Yes. If you were to do that, it would save the round trip to do the > redirection (and should also prevent the client updating the address line as > a result of that redirection).
> Thank you, > -Wade A. Hilmo, > -Microsoft
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:uR93Vl2tDHA.3224@tk2msftngp13.phx.gbl... > > OK, now it does make more sense. Are you suggesting that it would be more > > correct to link to directories with a trailing slash?
> > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Only reply by newsgroup. Any emails I have not authorized are deleted > > before I see them.
> > > The redirect you refer to is called a "courtesy redirect".
> > > The URL below - without a trailing slash - is a specifically a request > for > > a > > > file called "host-header" in the home directory. Since there is no such > > > file, and there is no other code running on the server (ie. an ISAPI) > that > > > recognizes the original URL, the original request should technically > fail > > > with a 404. If the below URL contained a trailing slash, it would be a > > > different request. In that case, it would be a request for a directory > > > listing in the "host-header" directory (although the server might choose > > to > > > send a default document instead). Because it is very common for users > to > > > omit the trailing slash, IIS will issue response that will cause the > > client > > > to reissue the request for a directory if the original URL cannot be > > served.
> > > I am pretty sure that you would see the escaping of the '-' character if > > the > > > IIS redirect code were hit any other way (ie. if an ISAPI used > > > HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL > > > containing a '-', etc.)
> > > I hope that this helps to clarify the issue.
> > > > None the less, this still isn't desirable behavior, and instead of > > issuing > > > > an encoded redirect with a trailing slash, it shouldn't be encoded for > > > URLs > > > > with dashes.
> > > > Thanks,
> > > > -- > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > > tutorial site :-) > > > > Only reply by newsgroup. Any emails I have not authorized are deleted > > > > before I see them.
> > > > > I'm not positive, but off the top of my head, I suspect that this > > > escaping > > > > > is happening as a measure to prevent cross site scripting via > > redirect. > > > > The > > > > > idea here is that it's probably common for code running on the > server > > to > > > > > issue redirects to locations based on data from the client. Because > > of > > > > the > > > > > likelyhood of untrusted (ie. client) data in the redirect location, > > IIS > > > > will > > > > > escape encode all redirects. This will prevent the client from > > running > > > > > embedded script on the location header. If this character were a > '<' > > or > > > a > > > > > '>', you would want it to be escaped.
> > > > > I'll take a look at the escape logic. If we are encoding characters > > > that > > > > we > > > > > shouldn't be, then that's something I can consider as a bug for SP1.
> > > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > > > > > And of course, I hope they do fix it, but he said they won't in > IIS > > 6 > > > > :-/
> > > > > > -- > > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > > > http://www.visualwin.com - A Windows Server 2003 visual, > > step-by-step > > > > > > tutorial site :-) > > > > > > Only reply by newsgroup. Any emails I have not authorized are > > deleted > > > > > > before I see them.
> > > > > > "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > > > news:eRq67YjsDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > > > Wow - that's kinda crazy if you ask me...
> > > > > > > I checked the HTTP spec, and - aren't in the reserved characters > > > pool, > > > > > so > > > > > > > there should be no need to escape the "-" in the URL. Why would > > IIS6 > > > > > take > > > > > > it > > > > > > > apon itself to tell the client to issue a new request?!?
-- --Jonathan Maltz [Microsoft MVP - Windows Server] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) Only reply by newsgroup. Any emails I have not authorized are deleted before I see them.
> Yes. If you were to do that, it would save the round trip to do the > redirection (and should also prevent the client updating the address line as > a result of that redirection).
> Thank you, > -Wade A. Hilmo, > -Microsoft
> "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > news:uR93Vl2tDHA.3224@tk2msftngp13.phx.gbl... > > OK, now it does make more sense. Are you suggesting that it would be more > > correct to link to directories with a trailing slash?
> > -- > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > tutorial site :-) > > Only reply by newsgroup. Any emails I have not authorized are deleted > > before I see them.
> > > The redirect you refer to is called a "courtesy redirect".
> > > The URL below - without a trailing slash - is a specifically a request > for > > a > > > file called "host-header" in the home directory. Since there is no such > > > file, and there is no other code running on the server (ie. an ISAPI) > that > > > recognizes the original URL, the original request should technically > fail > > > with a 404. If the below URL contained a trailing slash, it would be a > > > different request. In that case, it would be a request for a directory > > > listing in the "host-header" directory (although the server might choose > > to > > > send a default document instead). Because it is very common for users > to > > > omit the trailing slash, IIS will issue response that will cause the > > client > > > to reissue the request for a directory if the original URL cannot be > > served.
> > > I am pretty sure that you would see the escaping of the '-' character if > > the > > > IIS redirect code were hit any other way (ie. if an ISAPI used > > > HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL > > > containing a '-', etc.)
> > > I hope that this helps to clarify the issue.
> > > > None the less, this still isn't desirable behavior, and instead of > > issuing > > > > an encoded redirect with a trailing slash, it shouldn't be encoded for > > > URLs > > > > with dashes.
> > > > Thanks,
> > > > -- > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > http://www.visualwin.com - A Windows Server 2003 visual, step-by-step > > > > tutorial site :-) > > > > Only reply by newsgroup. Any emails I have not authorized are deleted > > > > before I see them.
> > > > > I'm not positive, but off the top of my head, I suspect that this > > > escaping > > > > > is happening as a measure to prevent cross site scripting via > > redirect. > > > > The > > > > > idea here is that it's probably common for code running on the > server > > to > > > > > issue redirects to locations based on data from the client. Because > > of > > > > the > > > > > likelyhood of untrusted (ie. client) data in the redirect location, > > IIS > > > > will > > > > > escape encode all redirects. This will prevent the client from > > running > > > > > embedded script on the location header. If this character were a > '<' > > or > > > a > > > > > '>', you would want it to be escaped.
> > > > > I'll take a look at the escape logic. If we are encoding characters > > > that > > > > we > > > > > shouldn't be, then that's something I can consider as a bug for SP1.
> > > > > "Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message > > > > > news:utvWtoksDHA.2136@TK2MSFTNGP10.phx.gbl... > > > > > > And of course, I hope they do fix it, but he said they won't in > IIS > > 6 > > > > :-/
> > > > > > -- > > > > > > --Jonathan Maltz [Microsoft MVP - Windows Server] > > > > > > http://www.visualwin.com - A Windows Server 2003 visual, > > step-by-step > > > > > > tutorial site :-) > > > > > > Only reply by newsgroup. Any emails I have not authorized are > > deleted > > > > > > before I see them.
> > > > > > "Ken Schaefer" <kenREM...@THISadOpenStatic.com> wrote in message > > > > > > news:eRq67YjsDHA.684@TK2MSFTNGP09.phx.gbl... > > > > > > > Wow - that's kinda crazy if you ask me...
> > > > > > > I checked the HTTP spec, and - aren't in the reserved characters > > > pool, > > > > > so > > > > > > > there should be no need to escape the "-" in the URL. Why would > > IIS6 > > > > > take > > > > > > it > > > > > > > apon itself to tell the client to issue a new request?!?
-- --Jonathan Maltz [Microsoft MVP - Windows Server - IIS, Virtual PC] http://www.visualwin.com - A Windows Server 2003 visual, step-by-step tutorial site :-) http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out here Only reply by newsgroup. I do not do technical support via email. Any emails I have not authorized are deleted before I see them.
"Tom Grube" <tgr...@ameritech.net> wrote in message
But i dont think that there is a fix for this, because it doesn't seem to be a problem. According to the RFCs (1630 and 1738) it is perfectly fine to use %2D as a replacement for -, although it is not required.
When you request for http://site/site-is-cool IIS actually looks for the file "site-is-cool". The RFC says that / is used a delimiter, and since the last / is after "site", "site-is-cool" is supposed to be a file. When IIS doesn't find the file "site-is-cool", it is kind enough to assume that you were asking for the default document of the folder "site-is-cool" instead. This causes a redirect (HTTP 301 for IIS 6.0), and IIS encodes the new URL, hence the behavior you see.
And as Jonathan said, the work-around would be to omit the redirect caused by IIS.
URL needs to be canonicalized prior to usage. If your application treats "-" and "%2D" as different in a URL, then it has a serious canonicalization bug.
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. //
"Tom Grube" <tgr...@ameritech.net> wrote in message
|
