I have several ASP.NET MVC websites running on IIS 8 with UrlScan 3.1 enabled. I also have some registrations on these sites that catch unhandled exceptions and write them to the log table in the database.
I find many exceptions coming from these websites, according to:
System.Web.HttpException
The controller for path '/Rejected-By-UrlScan' was not found or does not implement IController.
After looking at my own logs, I see the URL of the request that generated this error, looks something like this (the real domain is replaced by the sample):
/Rejected-By-UrlScan?~//https://mywebsite.com/login/login/?aspxerrorpath=/Rejected-By-UrlScan
Seeing that I canβt say what really caused this request, I then looked at the log files generated by UrlScan; I see many reasons why some URLs may be rejected, some examples:
2014-02-11 02:42:29 119.147.146.189 4 GET //https://mywebsite.com/login/login Rejected extension+not+allowed file+extension .com -
2014-02-11 02:42:32 119.147.146.189 4 GET //https://mywebsite.com/login/login/?aspxerrorpath=/Rejected-By-UrlScan Rejected URL+contains+dot+in+path URL - -
2014-02-11 02:42:37 119.147.146.189 4 GET //https://mywebsite.com/scripts/jquery-1.9.1.min.js Rejected URL+contains+dot+in+path URL - -
2014-02-11 08:24:19 79.122.154.178 6 OPTIONS /Content/Styles/ Rejected verb+not+allowed HTTP+method - -
, , , URL- , - ?
, , :
- URL-? , UrlScan , / , , .
- UrlScan, , - MVC ? , , . , , , , .