TROUBLESHOOTING: While Trying to Search for Cards to Print with the Bulk Client You May Get a HTTP 404 Error

I worked a case recently with FIM CM where the user was unable to search for requests with the Bulk Client to print smart cards.

After a few lengthy troubleshooting sessions I stumbled across Double Escapes.  The resolution to the case was to add a “true” condition for double escapes in either the IIS server or the website for the FIM CM Portal.

There are two methods to implement the fix:

Manually adding

<requestFiltering allowDoubleEscaping="true">

to the following files:

Server Specific:

applicationhost.config

Site Specific:

web.config

Automatically changing the files with the following command:

Site Specific:

appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True

Site Specific w/ a location tag:

appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost

Double escapes can become a security hole for an IIS server. In our case, the customer was not concerned with the security hole that allowing double escapes created, since the server was internal to the company, only 2 people had access to it, and the site was only accessed from a single Windows 7 client where the Bulk Client for FIM CM was installed.
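Because the setting relaxes request filtering, it helps to know exactly where it has been turned on. The following is an added example, not part of the original article or of any Microsoft tooling: it parses an applicationHost.config or web.config and lists every scope that sets allowDoubleEscaping explicitly. The XML fragment and the "Default Web Site/Reports" path are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment; the "Reports" path is made up.
SAMPLE_CONFIG = """<configuration>
  <system.webServer><security>
    <requestFiltering allowDoubleEscaping="false" />
  </security></system.webServer>
  <location path="Default Web Site">
    <system.webServer><security>
      <requestFiltering allowDoubleEscaping="true" />
    </security></system.webServer>
  </location>
  <location path="Default Web Site/Reports">
    <system.webServer><security>
      <requestFiltering><fileExtensions allowUnlisted="true" /></requestFiltering>
    </security></system.webServer>
  </location>
</configuration>"""

RF_TAGS = ("system.webServer", "security", "requestFiltering")

def descend(node, tags):
    """Follow direct children by tag name; return None if a step is missing."""
    for tag in tags:
        node = next((child for child in node if child.tag == tag), None)
        if node is None:
            return None
    return node

def double_escaping_scopes(config_xml):
    """Return (scope, allowed) for every scope that sets the attribute explicitly."""
    root = ET.fromstring(config_xml)
    # The root is the file-wide scope; each <location path="..."> narrows it.
    scopes = [("(file-wide)", root)]
    scopes += [(loc.get("path") or "(file-wide)", loc) for loc in root.iter("location")]
    found = []
    for name, node in scopes:
        rf = descend(node, RF_TAGS)
        if rf is not None and rf.get("allowDoubleEscaping") is not None:
            found.append((name, rf.get("allowDoubleEscaping").lower() == "true"))
    return found

def relaxed_scopes(config_xml):
    """Scopes that accept double-escaped URLs, i.e. the ones to review."""
    return [name for name, allowed in double_escaping_scopes(config_xml) if allowed]

if __name__ == "__main__":
    for scope, allowed in double_escaping_scopes(SAMPLE_CONFIG):
        print(f"{scope}: allowDoubleEscaping={allowed}")
```

A scope that does not appear in the output inherits the value from its parent scope.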

So what are Double Escapes?
Forgive me, as I am not an IIS expert, but Double Escapes are the ability for an IIS server to interpret something like (FirstName LastName) into FirstName%20Lastname. Potentially this could give someone the ability to inject SQL code or java into a URL, which could possibly lead to code execution.

For more information:

Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 404.11 – URL_DOUBLE_ESCAPED"

Comments
  • Richard Mueller edited Revision 10. Comment: Removed (en-US) from title, added tags
