eurl.axd HttpException by carpeoplemarketing

I ran into a similar issue with v4.0 ASP.Net extension less URL feature on II6 and found a solution through ISAPI Rewrite Module provider, the does not require turning it off. Theissue and the solution as we experienced it is documented here http://www.vanadiumtech.com/OurBlog/post/2011/08/12/Cause-of-eurlaxd.aspx

On a 64bit server I found out the hard way that the setting for disabling extension less URLs is located at a different location.
So for a 64bit server the registry key should be added in the following location:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ASP.NET\v4.0.30319.0\EnableExtensionlessUrls = 0

Could you please contact Thomas through his blog at http://blogs.msdn.com/b/tmarq/contact.aspx and ask for assistance? He can then contact you via email and with the help of Microsoft Support, we can work with you to debug and resolve this issue.

Thank you.

You are not clearly understanding, there are no wild card mappings on this website.

The original issue detailed isn't a "Extensionless URL" as described by your documentation, the fix via registry did stop the errors from coming throw for files that weren't extensionless. If you notice the path in the original submition it is requesting a FLASH content file.

It does seem correct that the requests are a malicous request for the continued messages I am getting via the a Custom Error page. As the User agents are different but the IP addresses and requests are identical, which sounds like someone is attempting to find an expliot. Either in my code or the framework, but how new the eurl.axd file is, it sounds like it is someone with of the issue trying to force errors from websites to expose details about itself.

What I am concerned with is that the content is not managed, that the content is not wild card mapped on the site. But the error is coming from unmanaged content.

Additionally, the IIS 6.0 worker process identity must have permission to read the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\EnableExtensionlessUrls. By default the process identity has read permission to this registry key.

My understanding is that you are using Windows Server 2003 and IIS 6.0. The following pertains to your configuration: There are only two ways to end up with /eurl.axd/a9e530c3ac1a9b48a61ce9a633523a51/ in a URL.

1) A malicious HTTP client issues request with that in the URL.

2) You have the ASP.NET extensionless URL feature enabled, and the feature is not working correctly because of an incompatibility with another ISAPI filter or ISAPI extension (in particular one with a wildcard scriptmap) installed on the server.

If you disable the v4.0 ASP.NET extensionless URL feature on IIS6 by setting a DWORD at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\EnableExtensionlessUrls = 0 and restart IIS, then the ASP.NET feature will be disabled and you will not see "/eurl.axd/GUID" in your URLs unless a malicous client issues such requests to your server.

I have completed the requested registry hack before I even attempted to submit a complaint about the issue.

This error isn't as common as before the registry hack but still occurs... Also before the registry hack if you noticed it wasn't an extensionless URL that was causing the error....

Notice the file name that is not found? not extensionless....

/FileNotFound.aspx?aspxerrorpath=/eurl.axd/6f15a3f6a1a7294590cb6c2a4d76777c/SkinOverPlayStopSeekFullVol.swf


I have removed some of the contents of the email that I package the details up with and provided them below. This is as recent as yesterday, the hack was created the day after .net 4.0 was released.


/FileNotFound.aspx?aspxerrorpath=/eurl.axd/a9e530c3ac1a9b48a61ce9a633523a51/



Request Variables:
        ALL_HTTP: HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */* HTTP_ACCEPT_ENCODING:gzip, deflate HTTP_ACCEPT_LANGUAGE:en-us HTTP_COOKIE:XXXXXXX
HTTP_HOST:www.recwarehouse.com
HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; eMusic DLM/4)

        ALL_RAW: Connection: Keep-Alive
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Cookie: XXXXXXX
Host: www.recwarehouse.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; eMusic DLM/4)

        APPL_MD_PATH: /LM/W3SVC/539786779/Root
        APPL_PHYSICAL_PATH: XXXXXXX
        AUTH_TYPE:
        AUTH_USER:
        AUTH_PASSWORD:
        LOGON_USER:
        REMOTE_USER:
        CERT_COOKIE:
        CERT_FLAGS:
        CERT_ISSUER:
        CERT_KEYSIZE:
        CERT_SECRETKEYSIZE:
        CERT_SERIALNUMBER:
        CERT_SERVER_ISSUER:
        CERT_SERVER_SUBJECT:
        CERT_SUBJECT:
        CONTENT_LENGTH: 0
        CONTENT_TYPE:
        GATEWAY_INTERFACE: CGI/1.1
        HTTPS: off
        HTTPS_KEYSIZE:
        HTTPS_SECRETKEYSIZE:
        HTTPS_SERVER_ISSUER:
        HTTPS_SERVER_SUBJECT:
        INSTANCE_ID: 539786779
        INSTANCE_META_PATH: /LM/W3SVC/539786779
        LOCAL_ADDR: 172.16.0.33
        PATH_INFO: /FileNotFound.aspx
        PATH_TRANSLATED: XXXXXXX
        QUERY_STRING: aspxerrorpath=/eurl.axd/a9e530c3ac1a9b48a61ce9a633523a51/
        REMOTE_ADDR: XXXXXXX
        REMOTE_HOST: XXXXXXX
        REMOTE_PORT: 1233
        REQUEST_METHOD: GET
        SCRIPT_NAME: /FileNotFound.aspx
        SERVER_NAME: XXXXXXX
        SERVER_PORT: 80
        SERVER_PORT_SECURE: 0
        SERVER_PROTOCOL: HTTP/1.1
        SERVER_SOFTWARE: Microsoft-IIS/6.0
        URL: /FileNotFound.aspx
        HTTP_CONNECTION: Keep-Alive
        HTTP_ACCEPT: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
        HTTP_ACCEPT_ENCODING: gzip, deflate
        HTTP_ACCEPT_LANGUAGE: en-us
        HTTP_COOKIE: __utma= XXXXXXX
        HTTP_HOST: www.recwarehouse.com
        HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; eMusic DLM/4)


Request Form Variables:


Request QueryString Variables:
        aspxerrorpath: /eurl.axd/a9e530c3ac1a9b48a61ce9a633523a51/


Request Cookies:
        __utma: XXXXXXX
        __utmz: XXXXXXX
        ASP.NET_SessionId: iibhd1b44aehxigiiwuamrvq

Please disable the v4.0 ASP.NET extensionless URL feature on IIS6 by setting a DWORD at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\EnableExtensionlessUrls = 0. After changing the value, you will need to restart IIS in order for us to pick up the change, because it is only read once when IIS starts.

You can read more about this at http://blogs.msdn.com/b/tmarq/archive/2010/06/18/how-to-disable-the-asp-net-v4-0-extensionless-url-feature-on-iis-6-0.aspx. Unfortunately without an in-house way to reproduce this problem, we are unable to determine why the ASP.NET feature is failing.

I'm having the same issue and it's breaking my URL rewriting (either through Ionics Isapi Rewrite or my own IHttpModule).

Basically, if I hit my site at "/default.aspx", the rewriting works fine. But if I hit my site at just "/", then I get eurl.axd strangeness.

I assume that IIS 6 is hitting my default document, but something in ASP.NET is seeing that "/" was indeed an extensionless URL and then doing something strange.

The same error occurred with me. I don't think it is reproducible, but restarting IIS did the trick.

SkinOverPlayStopSeekFullVol.swf actually exists in the root of the calling application and not in the virtual directory

There is no project as I said the content isn't managed ..

<customErrors mode="RemoteOnly" defaultRedirect="~/ServerError.aspx">
     <error statusCode="404" redirect="~/FileNotFound.aspx"/>
     <error statusCode="500" redirect="~/ServerError.aspx"/>
    </customErrors>

The 404 file, actually packages up all the request variables and emails it to me; it includes, Application, Server, Request and Session variables. Nothing is out of the norm in the request or the content in the email.

There is no wildcard mapping on the site. The virtual directory that is calling it is coming from a virtual directory.

This is the error content:
FileNotFound.aspx?aspxerrorpath=/eurl.axd/cfcb89f123acaa4b80a5a4776cf2c0d3/SkinOverPlayStopSeekFullVol.swf


This is the referering content:
/UserFiles/flash/genericvid(2).swf

UserFiles is a virtual directoy that is a sub-directory in another website. Both wesites are located in the same app pool, which are based on the default app pool, with no changes.

Thanks for reporting the issue.
In order to fix the issue, we must first reproduce the issue in our labs. We are unable to reproduce the issue with the steps you provided.

Could you please attach an example zipped project file to this feedback through our site to help us reproduce the issue?

Thanks again for your efforts and we look forward to hearing from you.
Visual Studio Product Team

Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)