Information
This feature will help prevent attacks that rely on URLs that have been crafted to contain double-encoded request(s).
Solution
The allowDoubleEscaping Request Filter may be set for a server, website, or application using the IIS Manager GUI, using AppCmd.exe commands in a command-line window, and/or directly editing the configuration files. To configure using the IIS Manager GUI: Open Internet Information Services (IIS) Manager In the Connections pane, select the site, application, or directory to be configured In the Home pane, double-click Request Filtering Click Edit Feature Settings... in the Actions pane Under the General section, uncheck Allow double escaping If a file name in a URL includes '+' then allowDoubleEscaping must be set to true to allow functionality.