Our ASPRedirector.NET product can be used to re-write query-string URLs to friendly URLs with ID parameters converted to text. This is typically done for Search Engine Optimisation to improve page ranking because words appearing in the URL are taken into account by search engines. We have developed re-writing configuration rules for many eCommerce / shopping-cart software packages such as BV Software's BVCommerce and MediaChase's eFC.

However, if the category and / or product name contain certain reserved characters then you can run into a problem. Even if the characters such as $. %, ? are encoded correctly the page may not be returned and all you see is "bad request" (error 400). It isn't URLScan that is causing this though but the behavior of the ASP.NET ISAPI filter which doesn't pass the request on.

There is a Microsoft KB Article 826437 about the issue

The solution given is incorrect though and the correct registry key entry is shown below:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET]
  "VerificationCompatibility"=dword:00000001

This fixes the issue and allows you to have nice, optimised URLs on your eCommerce website - regardless of the characters in you category and product names.