Vulnerability in EPiServer.Forms
I am getting this weird error in the production environment when I perform Quick Edit on a page and then, when I try to do "Save and Publish", I get the ugly "The page cannot be displayed" error with the error details being
" Technical Information (for support personnel) •Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217) "
and the URL being " ... /CMS/edit/ViewModeTransfer.aspx?epurl=%252fDefault.aspx%253fid%253d3%2526epslanguage%253den "
Although when you do the Save and Publish from Quick Edit mode it gets redirected to the page which has initiated the quick edit. But I think there is some error before it does the redirection.
Can anyone please help me out with this?
I think you must either turn off custom errors or log the error using EPiServer logging. Either way, we need to have more information to be able to help you.
Yes I had enabled the logging and I found out that the log does enter details of the page getting saved but it does not perform the below task after that
EPiServer.Web.UrlRewriteModuleBase.BeginRequestEventHandler - Starting request with Url http://mysite/cms/UI/CMS/edit/ViewModeTransfer.aspx?epurl=%252fdefault.aspx%253fid%253d3%2526epslanguage%253den
I had performed the same operation for the EPiServer PublicTemplates and found that on save and publish the above task is called after page save, but in my site in the production environment this is not getting called.
Thanks for the reply.
I do not recognize the problem but I'm not sure that the error message has to do with EPiServer. My guess would be that there is a filter in IIS or possibly in ASP.NET that does not like HTML in posted values. A quick search for "12217 http filter" gave me quite some pages indicating that it is a security filter indeed.
Yes, this was related to the Microsoft ISA setting "Verify Normalization", which blocked the encoded string in the querystring item epiurl. Once Verify Normalization was disabled this got solved.
Thank you very much for your help.
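
Why the filter rejected this request, as an added example that is not part of the original thread and not ISA Server's own code: a simplified model of a "Verify Normalization" style check that percent-decodes the URL twice and rejects it when the second pass still changes it. The function names and the singly encoded comparison URL are assumptions made for the illustration; the first URL is the one from the log line above.

```python
from urllib.parse import unquote

# URL taken from the log line in the thread (doubly percent-encoded epurl).
THREAD_URL = ("http://mysite/cms/UI/CMS/edit/ViewModeTransfer.aspx"
              "?epurl=%252fdefault.aspx%253fid%253d3%2526epslanguage%253den")
# Constructed for comparison: the same target encoded only once.
SINGLE_ENCODED_URL = ("http://mysite/cms/UI/CMS/edit/ViewModeTransfer.aspx"
                      "?epurl=%2fdefault.aspx%3fid%3d3%26epslanguage%3den")


def verify_normalization(url):
    """Simplified model of the check: decode twice, reject if the passes differ."""
    first = unquote(url)
    second = unquote(first)
    return {"first_pass": first, "second_pass": second,
            "rejected": first != second}


def encoding_depth(url, limit=8):
    """Count how many decode passes change the URL (0 = no escapes at all)."""
    depth = 0
    while depth < limit:
        decoded = unquote(url)
        if decoded == url:
            break
        url, depth = decoded, depth + 1
    return depth


if __name__ == "__main__":
    for label, url in (("thread", THREAD_URL), ("single", SINGLE_ENCODED_URL)):
        result = verify_normalization(url)
        print(label, "depth", encoding_depth(url), "rejected", result["rejected"])
        print("  after pass 1:", result["first_pass"])
        print("  after pass 2:", result["second_pass"])
```

The thread's URL is still escaped after the first pass (`%2f`, `%3f`, `%3d`, `%26`), so the second pass changes it and the model rejects it; the singly encoded variant is stable after one pass and is accepted.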