Errors from URL encoding.

Forum Moderators: open

Message Too Old, No Replies

Errors from URL encoding.

Referring sites and urls.

ohfiddlesticks

5:33 am on Apr 29, 2005 (gmt 0)

I recently set up custom error handling for 404 and ASP errors that e-mails me with the error info. I have been getting alot of errors showing that parts or all of the URL querystring are still encoded (either HTML OR URL encoded), which makes my script not be able to get info from the querystring....causing an ASP error.

These are not direct links from my own site, but seem to be coming from some search engines and other unknown sources. I don't know if they are pulling links from my site and altering them or what. One spider is for a Spanish search engine I think and they seem to generate these errors in batches of 20 or so at a time, which is really annoying. Is this pretty common, and what can I do about it?

tedster

8:53 pm on Apr 29, 2005 (gmt 0)

Yes, it's relatively common. I think using a URL rewrite engine helps a lot - it can get the querystring out of your published URLs.

ohfiddlesticks

2:39 am on May 5, 2005 (gmt 0)

Today I got over 300 more e-mails about errors all caused by the same IP address because of this ampersand encoding. I don't know why this happens exactly. Do people write scripts to view my source code, get hyperlinks and then follow them without converting the html encoded ampersands into literal ones? Why would they do that? Would it just be better to have the ampersands not html encoded on my site to prevent this....even though my pages would not be "valid html" anymore.

Also, do people block IP ranges from viewing their site because of stuff like this? I'm on a web-host using IIS and I have no idea how to do the rewrite thing, or how to block IPs from visiting my site. I have seen references to people doing this with special files on Unix with Apache, but nothing about IIS. Because I don't have full access to the server, is it even possible to do anything like this anyways?