Hyphens in URLs are rendered as "%2D" in IIS6
tzedekh
Server, and among the many annoyances and performance problems we've
encountered with IIS6, I've noticed that URLs with hyphens now,
inexplicably, display the hex code for the hyphen, %2D, in the address
bar of a browser -- eg, "http://www.blahblah.com/whats%2Dup/" instead
of "http://www.blahblah.com/whats-up/." What the hell is going on, and
how do I fix it (ie, the hyphen displays, not the hex code)? Getting
rid of the hyphen is not an option, nor is using an underscore
instead. (I try to avoid underscores in URLs -- when, on a Web page,
such a URL is displayed formatted with the typical underline, the
underscored blank space looks like just a blank space, and thus may be
incorrectly rekeyed from memory with a blank space.)
Ken Schaefer
I suspect that this is an IE issue, not an IIS issue (IE is encoding the -
when it sends the initial request).
Cheers
Ken
"tzedekh" <tzed...@hotmail.com> wrote in message
news:825ecceb.03112...@posting.google.com...
: We recently migrated our Web site from IIS5 on Win2K to IIS6 on 2003
Jonathan Maltz [MS-MVP]
explicitly telling the browser to go to %2D:
started....Reusing existing connection (source port 4983)\nREQUEST:
**************\nGET /enable-rd HTTP/1.1\r\n
Host: www.visualwin.com\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 301 Moved Permanently\r\n
Content-Length: 160\r\n
Content-Type: text/html\r\n
Location: http://www.visualwin.com/enable%2Drd/\r\n
Server: Microsoft-IIS/6.0\r\n
Date: Mon, 24 Nov 2003 02:29:46 GMT\r\n
\r\n
<head><title>Document Moved</title></head>\n<body><h1>Object Moved</h1>This
document may be found <a
HREF="http://www.visualwin.com/enable%2Drd/">here</a></body>finished.
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Ken Schaefer" <kenR...@THISadOpenStatic.com> wrote in message
news:utXcQni...@TK2MSFTNGP09.phx.gbl...
Ken Schaefer
I checked the HTTP spec, and - aren't in the reserved characters pool, so
there should be no need to escape the "-" in the URL. Why would IIS6 take it
apon itself to tell the client to issue a new request?!?
Cheers
Ken
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:uFDFxLjs...@TK2MSFTNGP10.phx.gbl...
: I don't know, Ken, I've experienced the same problem. Here's WFetch
: >
: >
:
:
Jonathan Maltz [MS-MVP]
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=ea%24wxeapDHA.688%40TK2MSFTNGP10.phx.gbl
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Ken Schaefer" <kenR...@THISadOpenStatic.com> wrote in message
news:eRq67Yj...@TK2MSFTNGP09.phx.gbl...
Jonathan Maltz [MS-MVP]
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Ken Schaefer" <kenR...@THISadOpenStatic.com> wrote in message
news:eRq67Yj...@TK2MSFTNGP09.phx.gbl...
Ken Schaefer
request /directory the server does send back a 302 message indicating a
request should be made for /directory/ -or- /directory/document.ext
However, I think it's a bit crazy for a request for:
/directory/document.ext
to be met with a 301 response telling the browser to send a further request
(with one character encoded). Surely that can't be good for perceived
responsiveness by the end user?
Cheers
Ken
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:%23CpIcok...@TK2MSFTNGP10.phx.gbl...
: To this, David Wang answers:
: > :
: > :
: >
: >
:
:
Jonathan Maltz [MS-MVP]
as well :-/ Not sure if it did this in IIS RC1...Oh well, best we can do is
provide feedback - Microsoft reads this group and end user feedback is
important
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Ken Schaefer" <kenR...@THISadOpenStatic.com> wrote in message
news:eKVK$wksDH...@TK2MSFTNGP10.phx.gbl...
Sparky Polastri
IE 6.0.2 SP2 it works fine. (Hyphen works OK)
I looked up the code and it appears correct.
The original poster appears to come from Germany, so maybe a difference
(bug?) in the language used on the OS is causing this problem? Is there a
difference in the German version of windows for the hyphen? Is there a
difference between the languages used on the server and client? (i.e.
English Windows on the server and German Windows on the client)
It seems like this is indeed a client problem, which makes it harder to fix
and less likely that the users will know to fix it or how if they knew there
was an error.
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:uFDFxLjs...@TK2MSFTNGP10.phx.gbl...
Jonathan Maltz [MS-MVP]
that IIS is telling the client to go to %2D instead of - (by issuing the
HTTP/1.1 301 Moved Permanently)
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Sparky Polastri" <jaf...@MUNGEDyahoo.com> wrote in message
news:3fc4c2b3$1...@newspeer2.tds.net...
Wade A. Hilmo [MS]
I was just reviewing this thread.
I'm not positive, but off the top of my head, I suspect that this escaping
is happening as a measure to prevent cross site scripting via redirect. The
idea here is that it's probably common for code running on the server to
issue redirects to locations based on data from the client. Because of the
likelyhood of untrusted (ie. client) data in the redirect location, IIS will
escape encode all redirects. This will prevent the client from running
embedded script on the location header. If this character were a '<' or a
'>', you would want it to be escaped.
I'll take a look at the escape logic. If we are encoding characters that we
shouldn't be, then that's something I can consider as a bug for SP1.
Thank you,
-Wade A. Hilmo,
-Microsoft
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:utvWtoks...@TK2MSFTNGP10.phx.gbl...
Jonathan Maltz [MS-MVP]
After looking into it a bit more, IIS only issues a redirect to the encoded
character if the URL doesn't have a trailing slash. For example:
http://www.visualwin.com/host-header IIS will issue a redirect to:
http://www.visualwin.com/host%2Dheader/
However, with a trailing slash:
http://www.visualwin.com/host-header/
IIS accepts it without issuing a redirect.
None the less, this still isn't desirable behavior, and instead of issuing
an encoded redirect with a trailing slash, it shouldn't be encoded for URLs
with dashes.
Thanks,
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Wade A. Hilmo [MS]" <wa...@microsoft.com> wrote in message
news:uM2aKZp...@TK2MSFTNGP09.phx.gbl...
Wade A. Hilmo [MS]
The redirect you refer to is called a "courtesy redirect".
The URL below - without a trailing slash - is a specifically a request for a
file called "host-header" in the home directory. Since there is no such
file, and there is no other code running on the server (ie. an ISAPI) that
recognizes the original URL, the original request should technically fail
with a 404. If the below URL contained a trailing slash, it would be a
different request. In that case, it would be a request for a directory
listing in the "host-header" directory (although the server might choose to
send a default document instead). Because it is very common for users to
omit the trailing slash, IIS will issue response that will cause the client
to reissue the request for a directory if the original URL cannot be served.
I am pretty sure that you would see the escaping of the '-' character if the
IIS redirect code were hit any other way (ie. if an ISAPI used
HSE_REQ_SEND_URL_REDIRECT_RESP, or an ASP page send a redirect to a URL
containing a '-', etc.)
I hope that this helps to clarify the issue.
Thank you,
-Wade A. Hilmo,
-Microsoft
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:OMbIoTut...@tk2msftngp13.phx.gbl...
Jonathan Maltz [MS-MVP]
correct to link to directories with a trailing slash?
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Wade A. Hilmo [MS]" <wa...@microsoft.com> wrote in message
news:uahjJc2t...@TK2MSFTNGP12.phx.gbl...
Wade A. Hilmo [MS]
redirection (and should also prevent the client updating the address line as
a result of that redirection).
Thank you,
-Wade A. Hilmo,
-Microsoft
"Jonathan Maltz [MS-MVP]" <jma...@mvps.org> wrote in message
news:uR93Vl2t...@tk2msftngp13.phx.gbl...
Jerry III
technically the link should be <a
href="http://www.microsoft.com/">Microsoft.com</a>, note the trailing slash.
Jerry
"Wade A. Hilmo [MS]" <wa...@microsoft.com> wrote in message
news:#AtGDM9t...@tk2msftngp13.phx.gbl...
Jonathan Maltz [MS-MVP]
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
Only reply by newsgroup. Any emails I have not authorized are deleted
before I see them.
"Wade A. Hilmo [MS]" <wa...@microsoft.com> wrote in message
news:%23AtGDM9...@tk2msftngp13.phx.gbl...
Tom Grube
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jonathan Maltz [MS-MVP]
If you link to http://site/site-is-cool then it will render as
http://site/site%2Dis%2Dcool but if you link to http://site/site-is-cool/
then it will keep the hyphens
--
--Jonathan Maltz [Microsoft MVP - Windows Server - IIS, Virtual PC]
http://www.visualwin.com - A Windows Server 2003 visual, step-by-step
tutorial site :-)
http://vpc.visualwin.com - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.
"Tom Grube" <tgr...@ameritech.net> wrote in message
news:Oi0KckAq...@TK2MSFTNGP11.phx.gbl...
Kristofer Gafvert
Jonathan has given you a work-around.
But i dont think that there is a fix for this, because it doesn't seem to be
a problem. According to the RFCs (1630 and 1738) it is perfectly fine to use
%2D as a replacement for -, although it is not required.
When you request for http://site/site-is-cool IIS actually looks for the
file "site-is-cool". The RFC says that / is used a delimiter, and since the
last / is after "site", "site-is-cool" is supposed to be a file. When IIS
doesn't find the file "site-is-cool", it is kind enough to assume that you
were asking for the default document of the folder "site-is-cool" instead.
This causes a redirect (HTTP 301 for IIS 6.0), and IIS encodes the new URL,
hence the behavior you see.
And as Jonathan said, the work-around would be to omit the redirect caused
by IIS.
Also see:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298408
http://www.faqs.org/rfcs/rfc1738.html
http://www.faqs.org/rfcs/rfc1630.html
--
Regards,
Kristofer Gafvert
http://www.ilopia.com
"Tom Grube" <tgr...@ameritech.net> wrote in message
news:Oi0KckAq...@TK2MSFTNGP11.phx.gbl...
David Wang [Msft]
URL needs to be canonicalized prior to usage. If your application treats
"-" and "%2D" as different in a URL, then it has a serious canonicalization
bug.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Tom Grube" <tgr...@ameritech.net> wrote in message
news:Oi0KckAq...@TK2MSFTNGP11.phx.gbl...