![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 45%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Internet Information Services
Microsoft web server software.
1,578 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 89%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi @炜 张
I am responsible for SSRS related issues. In fact I am not very familiar with IIS. From what I've searched, blocking requests containing the "~" character might be a workaround for virtual websites if you can't fix the IIS root settings.
For more details, you can check this link: https://adrianjnkns.medium.com/iis-shortname-vulnerability-67f933849943.
Hope this helps you.
If the answer is helpful, please click "Accept Answer" and upvote it. If you have any questions, please feel free to let me know.
Best regards,
Aniya