Recently one of the websites that I have been working on showed an unexpected 404 error. I have a page which displays information about entities based on the query string. I am using friendly URLs for a better user experience. Now this page has been capable of displaying information about over 5000 entities without a problem (or let's say without a server problem!). Here is the generated error code:
404.8 The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.
After a little bit digging I found out the web server does not serve the path that the URL was referring to and it is all because my business entity has "BIN" in its URL. What are the odds! So apparently the web server is trying to restrict the user accessing sensitive information on the server stored in the "Bin" folder. Which is natural! Apparently by configuring IIS we are able to control what is called "Hidden Segments" of the website. You can find more information about Hidden Segments here. It is a good solution, but I do not like to change default security settings of the IIS. If I miss to block access to a certain resource consequences can be severe. There is another solution which is perfect for my problem. Like I said, I only have one business entity which is causing this error. This is the sample of URL that the web server is trying to serve but it is blocked:
As you can see the "BIN" at the URL is the trouble maker. There is another configuration in request filtering module which always allows certain URLs to be served. Here is how I added the configuration to the web config:
<system.webServer> <security> <requestFiltering> <alwaysAllowedUrls> <add url="/Client/Analyze/Sample-Item/BIN/rest-of-my-url" /> </alwaysAllowedUrls> </requestFiltering> </security> </system.webServer>
Problem is solved. Now the application serves the URL.