This article describes the process to follow in case the below error message is displayed when accessing certain URLs that include the '+' characters, e.g. http://www.mywebsite.com/download/text+text.
- GFI WebMonitor
- All supported environments
This error is caused by the unencoded '+' character in the URL because by default IIS (Internet Information Services) is configured to reject this for security reasons. The GFI WebMonitor user interface is running on IIS Express, so this configuration setting also affects it.
Please follow the steps outlined in the first solution and if these do not work follow the steps outlined in the second solution.
- Stop the following services:
- GFI WebMonitor
- GFI WebMonitor Core Service
- GFI Proxy (Standalone Proxy version only)
- Microsoft Firewall (Microsoft ISA only)
- Microsoft Forefront TMG Firewall (Microsoft Forefront TMG only)
- Make a backup of
- Open Web.config with a text editor.
- Search for the
<system.webServer>node and add the following code before the closing tag:
<security> <requestFiltering allowDoubleEscaping="true" /> </security>This will look like the following where
...is code that is already present:
<system.webServer> ... <security> <requestFiltering allowDoubleEscaping="true" /> </security> </system.webServer>
- Start the services stopped in step 1.
Note: Making this change may make you more vulnerable to malicious URLs.
Alternatively, the Download Status page can be disabled for this file type.
- Open the GFI WebMonitor configuration.
- Go to Settings > Policies > Security Policies.
- Click on the policy name.
- Find the necessary file type and deselect the progress bar next to it.
- Save the changes.
This way, the file will be scanned by the antivirus engines but the user will see the usual download from the browser.