I’ve just had a fun couple of hours trying to figure out why my site suddenly starting giving me this exception:

Exception type: HttpException
Exception message: Cannot use a leading .. to exit above the top directory.

It turns out that ASP.NET 2.0 doesn’t like playing nicely with Url Rewriters. The problem occurs when the rewriting rebases the form action path. e.g instead of having your form tag look something like this:

<form id=form1 method=”post” action=”page.aspx?id=whatever” name=”form1″>

After rewriting it ends up looking like this:

<form id=form1 method=”post” action=”../page.aspx?id=whatever” name=”form1″>

This obviously is not a good thing. For a detailed breakdown of the problem I suggest you read sgerz’s post Get GoogleBot to crash your .NET 2.0 site.

In my particular case I am using an open source url rewriter solution from http://urlrewriter.net. Of course the beauty of it being open source is that you can fix the problem! So a one line change on line 80 of HttpContextFacade.cs from:

HttpContext.Current.RewritePath(url, false);

to

HttpContext.Current.RewritePath(url, true);

solved the problem.

So why did this start happening all of a sudden? I can only surmise that it had something to do with the fact that I had just installed Vista SP1 and that caused cassini to start behaving as IIS 6.0 does.

I’ll be emailing the maintainers of the project to see if they want to make the change to the main repository.