Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 404.11 – URL_DOUBLE_ESCAPED"


You have a Web site that is hosted on Internet Information Services (IIS) 7.0. When you visit the Web site, you may receive an error message that resembles the following:
Server Error
Description of HRESULT # The operation completed successfully.



The HTTP request to the Web server contains a double escape sequence. However, the Request Filtering feature is configured so that the Web server denies double escape sequences.



To resolve this problem, follow these steps.

Note After you follow these steps, the security level of the server that is running IIS may be reduced. Therefore, before you set the allowDoubleEscaping property to True, consider the risk that is involved.
  1. Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
  2. On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.
  3. In the ApplicationHost.config file, locate the requestFiltering XML element.
  4. Change the value of the allowDoubleEscaping property to True. To do this, use code that resembles the following example code.
    <requestFiltering allowDoubleEscaping="true">
  5. On the File menu, click Save.
  6. Exit Notepad.
Important When you enable double escaped sequences, the security level of the server that is running IIS may be decreased.

The previous steps will directly edit the applicationHost.config file and configure this setting at the server level. You can also use the Appcmd command to configure this setting. To do this, follow these steps:
  1. Click Start, click Run, and then type cmd in the Open box.
  2. Type the following command, and then press ENTER:
    cd /d %windir%\system32\inetsrv
  3. Run one of the following commands:
    • Appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True
      Note This will configure this setting only for the "Default Web Site" by creating or editing the Web.config file in the root folder of the "Default Web Site."
    • appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost
      Note This will configure this setting only for the "Default Web Site" in the applicationHost.config file by using a location tag.
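Because the setting can be made at the server level or for one site through a location tag, it helps to check afterward which scopes actually accept double escape sequences. The following Python sketch is an added example, not part of the original KB article or of any Microsoft tool. It reads a constructed sample shaped like applicationHost.config and reports the effective allowDoubleEscaping value for each scope. The function names are hypothetical, and the script assumes one location tag per path and does not read per-site Web.config files.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like applicationHost.config; not taken from a real server.
SAMPLE_CONFIG = """
<configuration>
  <system.webServer><security>
    <requestFiltering allowDoubleEscaping="false" />
  </security></system.webServer>
  <location path="Default Web Site">
    <system.webServer><security>
      <requestFiltering allowDoubleEscaping="True" />
    </security></system.webServer>
  </location>
  <location path="Default Web Site/reports">
    <system.webServer><security>
      <requestFiltering><fileExtensions allowUnlisted="true" /></requestFiltering>
    </security></system.webServer>
  </location>
</configuration>
"""
RF_PATH = "system.webServer/security/requestFiltering"


def explicit_setting(scope):
    """True/False if this scope sets allowDoubleEscaping itself, else None."""
    node = scope.find(RF_PATH)
    raw = None if node is None else node.get("allowDoubleEscaping")
    return None if raw is None else raw.strip().lower() == "true"


def audit_double_escaping(config_xml):
    """Map each scope ('' is server level) to (effective value, set explicitly?)."""
    root = ET.fromstring(config_xml)
    explicit = {"": explicit_setting(root)}
    for location in root.findall("location"):
        explicit[location.get("path", "")] = explicit_setting(location)
    report = {}
    for path in sorted(explicit, key=lambda p: p.count("/") if p else -1):
        parent = path.rpartition("/")[0]  # nearest configured ancestor, else server
        while parent and parent not in report:
            parent = parent.rpartition("/")[0]
        inherited = report[parent][0] if path else False  # unset at server level: deny
        own = explicit[path]
        report[path] = (inherited if own is None else own, own is not None)
    return report


def relaxed_scopes(config_xml):
    """Scopes where requests with double escape sequences are accepted."""
    report = audit_double_escaping(config_xml)
    return sorted(path or "<server>" for path, (allowed, _) in report.items() if allowed)
```

In the sample, "Default Web Site/reports" never sets the attribute but still accepts double escape sequences because it inherits the value from "Default Web Site".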


Keywords: kbexpertiseadvanced, kbtshoot, kbprb, KB942076


Article Info
Article ID : 942076
Revision : 2
Created on : 11/25/2008
Published on : 11/25/2008