404 Error When Accessing Confluence Space or Page via IIS


アトラシアン コミュニティをご利用ください。



You see a 404 Error Not Found when trying to browse a space or page: "HTTP Error 404.11 - Not Found. The request filtering module is configured to deny a request that contains a double escape sequence."


By default, IIS7 rejects URLs that contain a double escaping sequence such as '+'. For example, the url http://localhost:8090/display/TT/Test+Test+Startseite will be rejected by IIS7 because it contains a '+' character.


Disable the double escape validation in IIS7 by doing the following steps on IIS Manager :

  1. Stop your website.
  2. Select your site and click in Request Filtering.

  3. Then click in Edit Feature Settings:

  4. Check Allow double escaping and hit OK:

  5. Start your site on IIS and check if you can reproduce the error again.

With the question of either leaving the '+' in place or converting those characters to spaces, be aware of the possibility that your rule engine may allow access to a non-Admin. For example, let's say an attacker enters http://myserver/my+vdir, and you have a rule looking for "my vdir". Your authorization rule won't match because your authorization code searches for the string "my+vdir" but your rule says "my vdir". As a result your rule won't apply and the attacker gets access.


最終更新日: 2016 年 2 月 19 日


Powered by Confluence and Scroll Viewport.