IIS 7 Sucks
This site is hosted on a Windows system - meaning that the web server is Microsoft IIS.
In general, I have been happy with IIS - no real problems.
Until - - Microsoft stopped supporting IIS 6 and my provider downgraded to IIS 7 !!!
The problem is the new "security" rule - URLs which contain a plus sign no longer work.
As a result, directories containing "c++" in the name no longer work.
To be perfectly clear - this is the kind of behavior I expect from a virus.
My site was broken! and if I had not stumbled on to an affected page, I would have never known.
Rant
| Fix
| References
Rant
I originally discovered the problem at
which has 5 images with plus signs in their names, similar to
However, simply renaming a few files would not work
because several directories contain "c++" and those also no longer worked.
/Languages/Borland_C++
/Languages/C++_Builder
/Languages/Console_C++
/Languages/VisualC++
|
Microsoft never misses a chance to screw customers - or to damage competitors.
Making any site that refers to a version of C++ non-available, by default,
is completely underhanded.
In addition, there were no error messages - not even a 404 not found.
The images and pages just don't show anything.
To manually "fix" this would have required editing every file that references any of these.
This is much worse than most viruses.
Instead, I created and uploaded the new configuration file (next section)
and my site is now functional.
(The Microsoft intentional attack was undone.)
Fix
I call this a "fix" - it is really just a work around.
The fix is to NEVER update software.
Microsoft always manages to break something "in your best interest" - "just trust us".
It only took about a day to find this, and even then, I had to modify what I found.
Basically
- Create a text file - web.config
- Copy the code below
- FTP (copy) the file to your root (base) directory
|
<![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="True" />
</security>
</system.webServer>
</configuration>
]]>
|
I included a blank line at the bottom - don't know (or care) if it is needed.
It works.
I give Microsoft credit for providing a way to disable their !@#$%,
but I firmly believe that they knew what they were doing and that
this change was to intentionally cause problems.
The fact that my ISP's help desk had no knowledge of this issue, and that customers were not notified
that their sites would be affected, also supports my conclusion.
References
Author:
Robert Clemenzi