Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
microsoft.public.inetserver.iis
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion How to get rid of IIS 400 Bad Request Error
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
David Wang  
View profile  
 More options Mar 11 2008, 11:24 pm
Newsgroups: microsoft.public.inetserver.iis
From: David Wang <w3.4...@gmail.com>
Date: Tue, 11 Mar 2008 20:24:09 -0700 (PDT)
Local: Tues, Mar 11 2008 11:24 pm
Subject: Re: How to get rid of IIS 400 Bad Request Error
Print | View thread | Show original | Report this message | Find messages by this author
On Mar 11, 6:11 pm, stevej99 <stevej994...@gmail.com> wrote:

> Thank you! Set AllowRestrictedChars to 1 did solve the problem.

Personally, I think it is a bad idea to turn off verifications inside
of HTTP.SYS that reject requests with 400 Bad Request. Why?

Because people sending bad requests to you are hardly the visitors you
care about being "nice". You don't want those hackers to take up more
CPU cycles and computer resources with Bad requests that get through
to user-mode, and HTTP.SYS rejects a lot of them right at the door. By
letting these values into the user-mode worker process, you simply
increase the chances of your own code or some other server-side add-on
at being attacked/hack.

And if there URLs come from links that you control -- you should fix
your pages, not make the error pages look nicer.

In short, trying to look pretty for the hacker attacking you while
making yourself more vulnerable to their attacks because of vanity
over "400 Bad request" -- simply does not look like a win-win for you,
in my opinion. But hey, it's your website. PHP is so secure and
unhackable that you can risk this... NOT.

//David
http:/ww3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google