NAVIGATION - SEARCH

Eurl.axd Error Fix

The issue is with the v4.0 ASP.Net extension less URL feature on II6. When trying to redirect from domain.com to www.domain.com through .htaccss, the site is redirected to http://www.domain.com/eurl.axd/52edd456ecd9e8469d7bb00f556e5867/ which is a temp URL the framework puts in during the process and for whatever reason fails to update before the process is completed.

To replicate

I created a new domain to replicate this under www.domain.com, simply type in domain.com and the issues comes up. The "application" I put on there is a basic web page with one line of code writing the results to the screen - nothing else.

.htaccess file contents

RewriteEngine On

RewriteCond %{HTTP_HOST} ^domain.com

 

RewriteRule (.*) http://www.domain.com/$1 [R=301,L]

Reasons for the Error

Posted by Microsoft on 6/23/2010 at 8:31 AM 

My understanding is that you are using Windows Server 2003 and IIS 6.0. The following pertains to your configuration: There are only two ways to end up with /eurl.axd/a9e530c3ac1a9b48a61ce9a633523a51/ in a URL.

1) A malicious HTTP client issues request with that in the URL.

2) You have the ASP.NET extensionless URL feature enabled, and the feature is not working correctly because of an incompatibility with another ISAPI filter or ISAPI extension (in particular one with a wildcard scriptmap) installed on the server.

Recommended Solutions

If you disable the v4.0 ASP.NET extensionless URL feature on IIS6 by setting a DWORD at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\EnableExtensionlessUrls = 0 and restart IIS, then the ASP.NET feature will be disabled and you will not see "/eurl.axd/GUID" in your URLs unless a malicous client issues such requests to your server.

Our Fix

In our case the solution came from HeliconTech who is the provider of our IIS Rewrite Module

http://www.helicontech.com/forum/15029-ASPNET_40_MVC_and_ISAPI_Rewrite_3.html

We found that the eurl.axd was being appended when we were doing a redirect. The eurl.axd was added before the redirect, so isapi includes it as if it is a correct part of the url.

For example, we're redirecting www to non-www. In order to ignore the eurl.axd part, I had to change the rule to:

RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^www\.(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)?
RewriteRule ^(.*)(eurl.axd/.*)$ http(?%1s)://%2/$1 [R=301,L]

If you want to go the other way and redirect non-www to www, it's an easy change:

RewriteCond %{HTTPS} (on)?
RewriteCond %{HTTP:Host} ^(?!www\.)(.+)$ [NC]
RewriteCond %{REQUEST_URI} (.+)?
RewriteRule ^(.*)(eurl.axd/.*)$ http(?%1s)://www\.%2/$1 [R=301,L]

Hope this helps, it took a while to nail it down, but the solution worked like a charm in our shared environments without having to impact all customers by disabling the extension less feature or migrating everything to IIS7.

Share:
Comments are closed