Solved

Error 400 bad request:Problem with file name with multiple dot  example:  myfile....pdf

Posted on 2016-10-22
10
47 Views
Last Modified: 2016-11-29
Hello,

I have a website where user upload files, but if they upload a file with  multiple dot like  myfile...pdf then I get a 400 bad request when they try to download the file.
ASP.nET  C#

Thanks
0
Comment
Question by:arnololo123
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 27

Accepted Solution

by:
skullnobrains earned 300 total points
ID: 41855146
most likely your server (IIS i assume) considers that multiple dots in an url are non legit

if that is actually your problem, a way to circumvent can be found here
https://average-joe.info/allow-dots-in-url-iis/
0
 
LVL 33

Assisted Solution

by:sarabande
sarabande earned 200 total points
ID: 41855215
myfile...pdf
in my opinion it is quite ok that those files are eliminated very early from processing since there are many if not most software which cannot reasonably handle this.

Sara
0
 

Author Comment

by:arnololo123
ID: 41855535
skullnobrains: your link is referring to  allowing dots in URL, this is not my case, I just want to download a file that can have multiple dot


Sarabande:There is nothing wrong with a filename like myfile.....pdf,  the file will open without problem.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 27

Expert Comment

by:skullnobrains
ID: 41855580
i was thinking IIS was rejecting the download url for that reason. if that's not the case the problem should be in the asp code

as a poor man's solution, can't you simply rewrite the filenames when they are uploaded in the first place ?
0
 
LVL 33

Assisted Solution

by:sarabande
sarabande earned 200 total points
ID: 41855786
There is nothing wrong with a filename like myfile.....pdf

file paths like  ../../bin/debugc/a.lib or c:\xyz\abc\..\..\temp are valid paths as well but nevertheless they would rejected by many programs which can not handle relative paths. if the programmers make it easy for them they simply check if ".." is contained in the file name.

if a filename like myfile....pdf was not processed you my claim that there is "nothing wrong" but actually you made a bet against the odds and have lost. it would be better you would try to avoid such naming which had no value in the first place.

Sara
0
 

Author Comment

by:arnololo123
ID: 41856257
The problem is that I have hundreds of file with  this issue.  So how could I handle the existing ones and how to  prevent  the issue at the time of upload? Thanks
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 300 total points
ID: 41856629
have you checked that IIS is not the one that rejects these URLs ? how ? there are high chances the you can't download because IIS does not like the URL format, and you provide zero information regarding the download link.

how to  prevent  the issue at the time of upload

search and replace on the filename in your asp code. or reject the files which do not have reasonably standard names.

how could I handle the existing ones

search for all the files containing .. and rename them. there are tons of batch remane soft that can do that and a few lines of powershell should do as well.

alternatively if you are the one generating the filelist in ASP and the download code, you can stick the same search and replace in the file list and on the names of the files to download. and if this is not feasible, you're using direct download on IIS so you should try the first solution i provided.

btw these files names are perfectly legit and there is no reason whatsoever for which any software would reject them.
0
 

Author Comment

by:arnololo123
ID: 41869098
I have never found any script that fully check  a filename to make sure it is correct. If you know one please let me know.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 300 total points
ID: 41871585
use a regular expression or whatever custom tests you feel comfortable with and define what you deem acceptable.

there is no such script because what is correct is whatever the filesystem accepts. different filesystems accept different things and 2 consecutive dots are allowed by all the ones i know including ntfs.

what IIS does not like for whatever reason is another strory.
i assume either IIS mistakenly rejects URLS with ".." while it should reject "/../" for security reasons or the urls actually contain "/../" and it is preventing actual hacking attempts
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 41905425
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- skullnobrains (https:#a41855146)
-- skullnobrains (https:#a41856629)
-- sarabande (https:#a41855786)
-- sarabande (https:#a41855215)
-- skullnobrains (https:#a41871585)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

frankhelk
Experts-Exchange Cleanup Volunteer
0

Featured Post

The New “Normal” in Modern Enterprise Operations

DevOps for the modern enterprise offers many benefits — increased agility, productivity, and more, but digital transformation isn’t easy, especially if you’re not addressing the right issues. Register for the webinar to dive into the “new normal” for enterprise modern ops.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C# Desktop Application 3 54
Add or delete table rows 10 53
Where is this file? 3 25
Visual Studio npm 1 10
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question