• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 78
  • Last Modified:

Error 400 bad request:Problem with file name with multiple dot example: myfile....pdf

Hello,

I have a website where user upload files, but if they upload a file with  multiple dot like  myfile...pdf then I get a 400 bad request when they try to download the file.
ASP.nET  C#

Thanks
0
arnololo123
Asked:
arnololo123
  • 4
  • 3
  • 2
  • +1
5 Solutions
 
skullnobrainsCommented:
most likely your server (IIS i assume) considers that multiple dots in an url are non legit

if that is actually your problem, a way to circumvent can be found here
https://average-joe.info/allow-dots-in-url-iis/
0
 
sarabandeCommented:
myfile...pdf
in my opinion it is quite ok that those files are eliminated very early from processing since there are many if not most software which cannot reasonably handle this.

Sara
0
 
arnololo123Author Commented:
skullnobrains: your link is referring to  allowing dots in URL, this is not my case, I just want to download a file that can have multiple dot


Sarabande:There is nothing wrong with a filename like myfile.....pdf,  the file will open without problem.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
skullnobrainsCommented:
i was thinking IIS was rejecting the download url for that reason. if that's not the case the problem should be in the asp code

as a poor man's solution, can't you simply rewrite the filenames when they are uploaded in the first place ?
0
 
sarabandeCommented:
There is nothing wrong with a filename like myfile.....pdf

file paths like  ../../bin/debugc/a.lib or c:\xyz\abc\..\..\temp are valid paths as well but nevertheless they would rejected by many programs which can not handle relative paths. if the programmers make it easy for them they simply check if ".." is contained in the file name.

if a filename like myfile....pdf was not processed you my claim that there is "nothing wrong" but actually you made a bet against the odds and have lost. it would be better you would try to avoid such naming which had no value in the first place.

Sara
0
 
arnololo123Author Commented:
The problem is that I have hundreds of file with  this issue.  So how could I handle the existing ones and how to  prevent  the issue at the time of upload? Thanks
0
 
skullnobrainsCommented:
have you checked that IIS is not the one that rejects these URLs ? how ? there are high chances the you can't download because IIS does not like the URL format, and you provide zero information regarding the download link.

how to  prevent  the issue at the time of upload

search and replace on the filename in your asp code. or reject the files which do not have reasonably standard names.

how could I handle the existing ones

search for all the files containing .. and rename them. there are tons of batch remane soft that can do that and a few lines of powershell should do as well.

alternatively if you are the one generating the filelist in ASP and the download code, you can stick the same search and replace in the file list and on the names of the files to download. and if this is not feasible, you're using direct download on IIS so you should try the first solution i provided.

btw these files names are perfectly legit and there is no reason whatsoever for which any software would reject them.
0
 
arnololo123Author Commented:
I have never found any script that fully check  a filename to make sure it is correct. If you know one please let me know.
0
 
skullnobrainsCommented:
use a regular expression or whatever custom tests you feel comfortable with and define what you deem acceptable.

there is no such script because what is correct is whatever the filesystem accepts. different filesystems accept different things and 2 consecutive dots are allowed by all the ones i know including ntfs.

what IIS does not like for whatever reason is another strory.
i assume either IIS mistakenly rejects URLS with ".." while it should reject "/../" for security reasons or the urls actually contain "/../" and it is preventing actual hacking attempts
0
 
frankhelkCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- skullnobrains (https:#a41855146)
-- skullnobrains (https:#a41856629)
-- sarabande (https:#a41855786)
-- sarabande (https:#a41855215)
-- skullnobrains (https:#a41871585)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

frankhelk
Experts-Exchange Cleanup Volunteer
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now