I have been looking through my error logs and came across this error message:
After some investigation I found that simply adding “?% 00” (without the quotes and without the space) to any url causes a 503 error:
The default error message suggests to “try again later”, but there is nothing temporary about this problem, it’s a permanent problem that requires the incoming link to be fixed. So somehow I feel the error message should be different and I have created my own 503 error message which now also includes the text “[…] or you sent a request that caused an error.”
One instance of this particular error, that I tracked down, was caused by a person, who linked to a page on my site where I allow people to set the background and foreground colors via a querystring argument in the link. And he accidentally gave “% 000fff” as argument instead or “% 23000fff” (without the quotes and without the space). Basically a simple user error, and I have mailed this information to him.
So yes it’s not like no mistakes are being made here, but I would not classify this as an “emergency” (like the error message says) and deny access to the page, rather I would much prefer if the “Invalid character” was simply filtered out and the page served using the filtered querystring.
Edit: I had to add a space after the % sign, because the forum mangles the codes otherwise.