App does not redirect to custom error page with ~(tilde) in URL

[Guest]

Hello all,

I am having trouble dealing with ~(tilde) in my .Net 1.1 web application,
specially when it comes through the URL. For example, when someone requests
the following URL: www.mysite.com/~mypage.aspx, my web application will
through the following error (with custom errors turned off):


Server Error in '/' Application.
--------------------------------------------------------------------------------

Invalid file name for monitoring: 'dir to my site\~mypage.aspx'. File names
for monitoring must have absolute paths, and no wildcards.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.

Exception Details: System.Web.HttpException: Invalid file name for
monitoring: 'dir to my site\~mypage.aspx'. File names for monitoring must
have absolute paths, and no wildcards.


I have custom errors set to On and defaultRedirect pointed to a custom error
page in my web.config file. Unfortunately, this error seems to be bypassing
it.

I have code in the Application_Error event to log all errors and this error
does get logged. So I set up a regex that parses the URL and if it detects a
~, it will do a server.transfer to my custom error page. This works if the
above-mentioned URL is requested, however does not work if anyone appends any
querystring parameters behind it. For example:
www.mysite.com/~mypage.aspx?hit= When this URL is requested, I get the same
error as above and this time is does not go through the Application_Error
event since I do not have a record of this error!

Since this is application testing, I have no control over what the tester
will enter on the site so I cannot ask them to not request a URL with a ~ in
it.

What am I doing wrong in trying to catch this error. Is there another
location I'm missing an error handler (apart from web.config default redirect
and Application_Error in Global.asax)?

The site is deployed on IIS 6 with .Net framework 1.1.4322

Thanks in advance,
Alf

 

[Guest]

Hello all,

I am having trouble dealing with ~(tilde) in my .Net 1.1 web application,
specially when it comes through the URL. For example, when someone
requests
the following URL: www.mysite.com/~mypage.aspx, my web application will
through the following error (with custom errors turned off):


Server Error in '/' Application.
--------------------------------------------------------------------------------

Invalid file name for monitoring: 'dir to my site\~mypage.aspx'. File
names
for monitoring must have absolute paths, and no wildcards.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about
the error and where it originated in the code.

Exception Details: System.Web.HttpException: Invalid file name for
monitoring: 'dir to my site\~mypage.aspx'. File names for monitoring must
have absolute paths, and no wildcards.


I have custom errors set to On and defaultRedirect pointed to a custom
error
page in my web.config file. Unfortunately, this error seems to be
bypassing
it.

I have code in the Application_Error event to log all errors and this
error
does get logged. So I set up a regex that parses the URL and if it detects
a
~, it will do a server.transfer to my custom error page. This works if the
above-mentioned URL is requested, however does not work if anyone appends
any
querystring parameters behind it. For example:
www.mysite.com/~mypage.aspx?hit= When this URL is requested, I get the
same
error as above and this time is does not go through the Application_Error
event since I do not have a record of this error!

Since this is application testing, I have no control over what the tester
will enter on the site so I cannot ask them to not request a URL with a ~
in
it.

What am I doing wrong in trying to catch this error. Is there another
location I'm missing an error handler (apart from web.config default
redirect
and Application_Error in Global.asax)?

Why tilde (~) should not be used in Web addresses (URLs)
http://www.cs.tut.fi/~jkorpela/tilde.html

 

[Guest]

Hello Alexey,

Thank you for the interesting article. I have no use for tilde on my site
but I am not in control of what the site auditor requests during his tests.

The article recommends escaping tildes in the URL. Where in my .Net
application should I be doing that? In the Begin_Request event?

Regards,
Alf

 

[Guest]

The article recommends escaping tildes in the URL. Where in my .Net
application should I be doing that? In the Begin_Request event?

In principle, you can use Application_Error event

if (Request.Url.ToString().IndexOf("~") > 0)
{
Context.ClearError();
Context.RewritePath("HttpError404.aspx");
return;
}

 

[Guest]

In principle, you can use Application_Error event

if (Request.Url.ToString().IndexOf("~") > 0)
{
Context.ClearError();
Context.RewritePath("HttpError404.aspx");
return;
}

I added the code above and my application does catch some tilde generated
errors now. For example, for the URL http://www.mysite.com/~mypage.aspx, the
code above will redirect to my custom error page but if I have this URL
http://www.myside.com/~mypage.aspx?qt=, then the code above does not pick up
the tilde in the URL. Why is that happening?