This repository was archived by the owner on Dec 21, 2022. It is now read-only.
This repository was archived by the owner on Dec 21, 2022. It is now read-only.
URL parameters corrupted after convert from https to http #56
Description
What steps will reproduce the problem?
1. Deployment our website on Windows Server 2012 R2 (IIS 8.5)
2. When switch from secure zone to insecure zone, the original query parameter
string corrupts by preceding unexpected letters;
What is the expected output? What do you see instead?
Original URL:
https://mywebsite.com/RASS/Display/?raid=213&moduleid=9&errorpostionid=1
Expected Output URL:
http://mywebsite.com/RASS/Display/?raid=213&moduleid=9&errorpostionid=1
Actual output URL:
http://mywebsite.com/RASS/Display/?ra?raid=213&moduleid=9&errorpostionid=1
What version of the product are you using? On what operating system?
SecuritySwitch 4.4.0.0
OS: Windows Server 2012 R2
IIS: 8.5.9600.16384
Please include the securitySwitch configuration section from your
web.config file.
<configSections>
<section name="securitySwitch" type="SecuritySwitch.Configuration.Settings,
SecuritySwitch" requirePermission="false" />
</configSections>
<httpModules>
<add name="SecuritySwitch" type="SecuritySwitch.SecuritySwitchModule, SecuritySwitch" />
</httpModules>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
...
</system.webServer>
<securitySwitch ignoreSystemHandlers="True" securityPort="443" ignoreStyleSheets="True" ignoreImages="True" ignoreAjaxRequests="True" baseSecureUri="https://dsa.diebold.com:443" baseInsecureUri="http://dsa.diebold.com:80" bypassSecurityWarning="True" mode="RemoteOnly" xmlns="http://SecuritySwitch-v4.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="SecuritySwitch-v4.xsd">
<paths>
<!--
You should only need one of these paths based on where your login/logon page/view is accessed from. -->
<add path="~/ErrorPosition/" security="Insecure" />
<add path="~/Feedback/" security="Insecure" />
<add path="~/Module/" security="Insecure" />
<add path="~/Part/" security="Insecure" />
<add path="~/RASS/" security="Insecure" />
<add path="~/EFC/Create" security="Insecure" />
<add path="~/EFC/Edit/" security="Insecure" matchType="StartsWith" />
<add path="~/Scripts" security="Ignore" />
<add path="~/Content" security="Ignore" />
<add path="~/Images" security="Ignore" />
<add path="~/" security="Secure" matchType="StartsWith" />
<add path="~/Export/" security="Secure" matchType="StartsWith" />
<add path="~/EFC/Index/" security="Secure" matchType="StartsWith" />
<!--<add path="~/EFC/Index/\?efccode=(\b\w{8}\b)" security="Secure" matchType="Regex"/>-->
<add path="~/EFC/QueryEFCbyUrl/" security="Secure" matchType="StartsWith" />
<add path="~/EFC/" security="Insecure" />
<add path="~/Account/Login" security="Secure" matchType="StartsWith" />
</paths>
</securitySwitch>
Please provide any additional information below.
Works fine in Windows Server 2008, IIS 7.
Original issue reported on code.google.com by alexeni...@gmail.com on 23 Mar 2015 at 9:48