New Post: XMLBasedSiteBackup gives 404 Page does not exist

Hi mawtex, thanks for your reply. I would appreciate your advice on this issue.

I've figured out the problem after some research and checking server logs, and then contacting my Web Hosting provider (Netcetera).
They have recently implemented the Microsoft URL Scan feature on IIS !
Note that my Full-Trust Level web space is on a Shared Hosting server. This means I am unable to change server-level settings myself.

The log shows:-
2015-11-04 10:27:53 83.105.72.141 57 GET /Composite/InstalledPackages/content/views/Composite.Tools.XmlBasedSiteBackup/XmlBasedSiteBackup.aspx
Rejected URL+contains+dot+in+path URL - -

Their response was "I will suggest you to modify the file names to normal text means without special characters and white spaces."

Now I am not sure whether this can be done easily in C1 due to the naming of packages, and the package installation process?

I can appreciate they have to protect their server, but I am annoyed that they didn't warn customers about them implementing this!

So I asked if they could provide a better suggestion for how they can help with this problem, e.g. set the AllowDotInPath parameter in UrlScan.ini at machine level, or advise me how I can do this at application level, perhaps using IIS Request Filtering settings?

Unfortunately their response was not helpful:-
"Please note that it will not possible to manipulate the security features which we have applied on the server. You will need to make changes into your script pages."

So this raises a few questions:-

• Do you have any suggestions? I know there are some settings in web.config already in relation to URL mapping and routing, e.g. settings for relaxedUrlToFileSystemMapping and requestPathInvalidCharacters and runAllManagedModulesForAllRequests
  

<httpRuntime relaxedUrlToFileSystemMapping="true" requestPathInvalidCharacters="&lt;,>,*,%,&amp;,\,?" />
and 
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="UrlRoutingModule" />
:
: add other modules
:
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    <add name="LessHttpModule" type="Composite.Web.Css.Less.LessHttpModule, Composite.Web.Css.Less" />
    </modules>

• Do you know of any IIS Request Filtering settings? I've tried searching for an answer, but I cannot find how/where to set the equivalent of the URL Scan AllowDotInPath=1 setting but in Request Filtering so I can override this at application level.
• Are there any other Add-On modules with launch page names similarly affected by dots in their paths? i.e. How many more problems with Add-On's am I likely to encounter? Perhaps I can forego using the XmlBasedSiteBackup module and use the Web Space control panel for doing backups instead, but I'm concerned about encountering more 404 Not Found errors in other C1 Add-ONs I might install because dots-in-paths appears to be a common naming strategy in Composite C1 modules.
• If this is a problem likely to occur with other web hosts due to them also implementing URL Scanning, then surely this should be something Composite C1 should add into the System Requirements section of you website? Although it is entirely possible that whichever web space provider is chosen, if they don't already then they might implement URL Scan on their servers in the future.
• What is the likelihood of the Composite C1 dev team investigating and, if required, making the necessary changes to add-on path names?
• Perhaps there is some easy answer to this I have overlooked? Would it be better to cancel the Netcetera hosting and re-deploy to a new host (ugh! more work).
  

Would appreciate your thoughts on this.

Thanks
Jim