Solved

internal server error 500 when using http post containing %0A%3C

Posted on 2008-06-19
2
1,178 Views
Last Modified: 2013-12-16
Hi

I am trying to perform an HTTP POST to a website. Every time i do the POST i get a response of 500. Internal server error.

I have found out that the reason i am getting the error is because the POST contains the string:

%0A%3C

This is a line feed and a < sign.

For some reason i am unable to post this data when it is a requirement for me. If i use %0A%3E (which is line feed and > sign) it works.

Does anyone know why this would happen?

Any help would be appreciated. I have attached the code that i am using.

I am running Microsoft Visual Studio 2005. .Net 2.0 Service Pack 1, Windows XP and IIS 5.1

(i tried it on server 2003 with iis 6.0 and had the same error)

Apyreal
static void Main(string[] args)

        {

           string query = "?%0A%3Chey";

            string a = HTTPCallback("url", query, "POST");

            Console.WriteLine(a);

            Console.ReadLine();

        }
 

        // simple generic http get/post request function

        static string HTTPCallback(string uri, string query, string method)

        {

            string output = string.Empty;

            try

            {

                // request

                WebRequest request;

                // do a POST if requested, otherwise default to a GET

                if (method.ToUpper() == "POST")

                {

                    request = WebRequest.Create(uri);

                    request.Method = "POST";

                    byte[] buffer = Encoding.UTF8.GetBytes(query);

                    request.ContentType = "application/x-www-form-urlencoded";

                    request.ContentLength = buffer.Length;

                    // add form data to request stream

                    System.IO.Stream requestStream = request.GetRequestStream();

                    requestStream.Write(buffer, 0, buffer.Length);

                    requestStream.Flush();

                    requestStream.Close();

                }

                else

                {

                    request = WebRequest.Create(uri + query);

                    request.Method = "GET";

                }

                // response

                HttpWebResponse response = (HttpWebResponse)request.GetResponse();

                System.IO.Stream responseStream = response.GetResponseStream();

                StreamReader responseReader = new StreamReader(responseStream);

                // output

                output = responseReader.ReadToEnd();

                // clean-up

                responseReader.Close();

                responseStream.Close();

                response.Close();

            }

            catch (Exception e)

            {

                Console.WriteLine(e.Message);

            }
 

            return output;

        }

Open in new window

0
Comment
Question by:Apyreal
2 Comments
 
LVL 25

Expert Comment

by:SStory
ID: 21821725
I'm not sure, but wouldn't you need to encode that like &lt; for <
like in html, to keep the page from thinking "<" is the beginning of a tag..that it subsequently won't find?
0
 
LVL 1

Accepted Solution

by:
Apyreal earned 0 total points
ID: 21821787
nope, actually. the it is already encoded. I found the problem about 5 minutes ago. IIS was treating %0A%3C as a possible dangerous request, so it would always fail it.

Fix was to place ValidateRequest="false" in the page to where i am posting. Not a perfect fix but it is the only one that works
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now