Solved

Error 400 bad request:Problem with file name with multiple dot  example:  myfile....pdf

Posted on 2016-10-22
10
27 Views
Last Modified: 2016-11-29
Hello,

I have a website where user upload files, but if they upload a file with  multiple dot like  myfile...pdf then I get a 400 bad request when they try to download the file.
ASP.nET  C#

Thanks
0
Comment
Question by:arnololo123
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 26

Accepted Solution

by:
skullnobrains earned 300 total points
Comment Utility
most likely your server (IIS i assume) considers that multiple dots in an url are non legit

if that is actually your problem, a way to circumvent can be found here
https://average-joe.info/allow-dots-in-url-iis/
0
 
LVL 32

Assisted Solution

by:sarabande
sarabande earned 200 total points
Comment Utility
myfile...pdf
in my opinion it is quite ok that those files are eliminated very early from processing since there are many if not most software which cannot reasonably handle this.

Sara
0
 

Author Comment

by:arnololo123
Comment Utility
skullnobrains: your link is referring to  allowing dots in URL, this is not my case, I just want to download a file that can have multiple dot


Sarabande:There is nothing wrong with a filename like myfile.....pdf,  the file will open without problem.
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
i was thinking IIS was rejecting the download url for that reason. if that's not the case the problem should be in the asp code

as a poor man's solution, can't you simply rewrite the filenames when they are uploaded in the first place ?
0
 
LVL 32

Assisted Solution

by:sarabande
sarabande earned 200 total points
Comment Utility
There is nothing wrong with a filename like myfile.....pdf

file paths like  ../../bin/debugc/a.lib or c:\xyz\abc\..\..\temp are valid paths as well but nevertheless they would rejected by many programs which can not handle relative paths. if the programmers make it easy for them they simply check if ".." is contained in the file name.

if a filename like myfile....pdf was not processed you my claim that there is "nothing wrong" but actually you made a bet against the odds and have lost. it would be better you would try to avoid such naming which had no value in the first place.

Sara
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:arnololo123
Comment Utility
The problem is that I have hundreds of file with  this issue.  So how could I handle the existing ones and how to  prevent  the issue at the time of upload? Thanks
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 300 total points
Comment Utility
have you checked that IIS is not the one that rejects these URLs ? how ? there are high chances the you can't download because IIS does not like the URL format, and you provide zero information regarding the download link.

how to  prevent  the issue at the time of upload

search and replace on the filename in your asp code. or reject the files which do not have reasonably standard names.

how could I handle the existing ones

search for all the files containing .. and rename them. there are tons of batch remane soft that can do that and a few lines of powershell should do as well.

alternatively if you are the one generating the filelist in ASP and the download code, you can stick the same search and replace in the file list and on the names of the files to download. and if this is not feasible, you're using direct download on IIS so you should try the first solution i provided.

btw these files names are perfectly legit and there is no reason whatsoever for which any software would reject them.
0
 

Author Comment

by:arnololo123
Comment Utility
I have never found any script that fully check  a filename to make sure it is correct. If you know one please let me know.
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 300 total points
Comment Utility
use a regular expression or whatever custom tests you feel comfortable with and define what you deem acceptable.

there is no such script because what is correct is whatever the filesystem accepts. different filesystems accept different things and 2 consecutive dots are allowed by all the ones i know including ntfs.

what IIS does not like for whatever reason is another strory.
i assume either IIS mistakenly rejects URLS with ".." while it should reject "/../" for security reasons or the urls actually contain "/../" and it is preventing actual hacking attempts
0
 
LVL 13

Expert Comment

by:frankhelk
Comment Utility
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- skullnobrains (https:#a41855146)
-- skullnobrains (https:#a41856629)
-- sarabande (https:#a41855786)
-- sarabande (https:#a41855215)
-- skullnobrains (https:#a41871585)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

frankhelk
Experts-Exchange Cleanup Volunteer
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article is for Object-Oriented Programming (OOP) beginners. An Interface contains declarations of events, indexers, methods and/or properties. Any class which implements the Interface should provide the concrete implementation for each Inter…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now