I did add the following in Web.Config in the httpRunTime tag:
requestValidationType="Framework.Framework.CustomRequestValidation,Framework"
I verified that it is using it. If I change the namespace to something else or the assembly name to something else, IIS will report the error. So, this is the proper syntax.
Just to be sure it would go in it, I simply entered a redirect command at first:
Public Class CustomRequestValidation
Inherits System.Web.Util.RequestValidator
Protected Overloads Overrides Function IsValidRequestString(ByVal context As HttpContext, ByVal value As String, _
ByVal requestValidationSource__1 As System.Web.Util.RequestValidationSource, ByVal collectionKey As String, _
ByRef validationFailureIndex As Integer) As Boolean
HttpContext.Current.Response.Redirect("Default.aspx")
But, I still have the error.
The redirection does not take place. So, it seems the IIS still has priority over this code and shows me the standard "A potentially dangerous Request.Path value was detected from the client (&)." message.