>Ok, here is the result.
>
>It does go in the custom request validator. If I do a normal hit, one without the & character in the path, I can see it executes my code in there. The code is an Event Viewer logging. It does log 18 times the same entry however for one click. This is something I don't understand.

The method is called for all types of validation - not just forms. Check : http://msdn.microsoft.com/en-us/library/system.web.util.requestvalidator.isvalidrequeststring.aspx
And each RequestValidationSource may have several items to be validated. You can check RequestValidationSource to filter out stuff that you are not interested in.

>
>However, if I add the & at the end of the path, it does not execute my custom request validator. It seems IIS takes over the priority in such case and we have no way of intercepting that.
>
>In your test, were you able to test:
>
>http://localhost/MyDirectory
>http://localhost/MyDirectory/&
>
>Are those situations both going into your custom request validator? For me, only the first one goes.

Hmm. Not the behaviour I'd expect - but checking it out will have to wait until morning :-}