"A potentially dangerous Request.Path value was detected from the client (%)." but request seems to be fine

ASP.Net MVC 3.0, .NET 4.0, IIS 7

I know it has been asked a many times, but I still can't figure out what's wrong with it.

I get these messages only occasionally (less than 1 a day), and I get about 4k visits daily.

Here is a link to the error report:

http://wowreforge.com/elmah.axd/detail?id=6CBE开发者_C百科6DCA-88C2-45E7-AF53-A53061B8E25D

(notice there are links to XML and JSON detailed reports)

First thing to note is URL (PATH) contains UTF-8 encoded character : /US/Warsong/Spartan%C3%B6

second thing, request is HEAD, not GET

Neither one of those details should result in the error I receive, I think.

The original URL was:

http://wowreforge.com/US/Warsong/Spartan%C3%B6?reforge=--52145254126214646464--3214325254&crit=7&dodge=90&exp=19&haste=1&hit=10&mastery=100&parry=67&spi=0

I have tried this URL with both GET and HEAD request, but wasn't able to reproduce the error.

Anything else I can poke at?

Notice that PATH_TRANSLATED = E:\web\wowreforgec\htdocs\EU\Kael%27Thas\Acekhor. It looks like the URL encoded character %27 is not being translated to ' before looking up the path of the file on disk. The % character is forbidden by the default configuration of the RequestPathInvalidCharacters property, thus the input is considered dangerous and an exception is thrown.

Edit

The HttpUtility.UrlDecode(string s) method should transform /EU/Kael%27Thas/Acekhor into /EU/Kael'Thas/Acekhor. This method (or one of similar function) should be called at the point where the virtual path is resolved to a physical path. Are you using a custom method to transform the virtual path into a physical path?