how to allow .com in a url path using IIS6 on Win2003 R2 x64?

Question

it seems IIS6 on Win2003 R2 Enterprise x64 SP2 will not allow you to use .com in a url path.

e.g if i create a folder foo.com in my web root, containing a default.htm, this url results in a 404:

http://localhost/foo.com/default.htm

however, following the exact same steps on Win2003 R2 Standard x86 SP2, and IIS6 will serve up the file just fine.

Neither server has urlscan installed.

Is there a way to tell IIS6 on Win2003 x64 to allow .com in a url path?

Answer 1

ok problem solved. this post, whilst not directly giving the answer, gave me enough of a clue:

David Wang's blog

Basically, my x64 IIS site had it's execute permissions configured "Scripts AND executables" whereas my X86 IIS site was configured "Scripts Only"

So it seems that, even though .com was only appearing in the path of my url, IIS was treating it as an executable file, for which it has no application mapping hence the HTTP 404

Answer 2

This looks like it might relate the issue you're seeing:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;826437

Edit:

And more recently

http://support.microsoft.com/kb/932552

Could "VerificationCompatibility" be the answer here? On Win x64, it's found in the registry here:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ASP.NET\VerificationCompatibility = 1

Read up about "increasing attack surfaces" before changing this setting.

What we found on IIS7 with Win2008 x64, IIS seems to choke on many "unusual" characters. Here's the characters we treat specially:

\r \n \t . ? & : * + "

Even when properly encoded, we get 400 back from the server if these occur before the query string.