Something just seems wrong when it is possible to specify web paths that will fool the parser. This seems inherently insecure. I don't disagree with your comments to keep paths short and clean but to be worried that specifying a directory with .com is
going to fool the parser just makes me wonder about either the URL/HTTP specifications or the implementation of IIS.
Microsoft has spent lots of effort allowing users to have long file names and directory names. I rememeber the old 8.3 days and I for one love good descriptive names - though I hate blanks in names like "Program Files" and needless dots (.) are kinda silly
too - yet .Net actually encouraged this practice.
Your advise is good but the Microsoft examples out there contradict them.