ISA Server 2004 blocks requests that include the Accept-Encoding HTTP header when a forward proxy is used
Dall Ball, on the ISAserver.org mailing list shared an interesting problem. He noted that after installing ISA 2006 SP1, his users were starting to see errors that they hadn't seen before. The error returned to the users' browsers was:
- Error Code: 502 Proxy Error. The request is not supported. (50)
It seemed like a pretty mysterious problem to me, even after checking a few lines of log files information provided by Dan. But then Dan did a packet trace on the connection and sent to Jim Harrison. Jim read the capture and said:
Do you have compression disabled?
If so, have a peek at the script in http://support.microsoft.com/?id=927263.
This script is supported for ISA 2006 after SP1.
This is a problem I wasn't aware of! You might have the same problem as Dan if the following is true:
On a server that is running Microsoft Internet Security and Acceleration (ISA) Server 2004 with Service Pack 2, you disable the following two Web filters:
- Compression Filter
- Caching Compressed Content Filter
After you do this, ISA Server 2004 blocks requests that include the Accept-Encoding HTTP header when a forward proxy is used.
These Web filters were introduced in ISA Server 2004 Service Pack 2. You might disable these Web filters because of program compatibility problems that involve some Web servers.
So, if you're seeing random 502 proxy errors with the request not being supported (50), then you should run the script found at http://support.microsoft.com/kb/927263
More information on this issue from Jim Harrison:
"When compression is disabled, ISA will strip off the “Accept-encoding” header that the client sends.
This is done to prevent the web site sending compressed responses because ISA can’t apply HTTP body inspection to it.
In this case (and several others, it seems), the web site sends compressed content anyway (it’s a Sun server; waddayexpect?).
Since ISA knows it can’t process compressed HTTP bodies, it rejects it.
Adding this value causes ISA to forward the “Accept-encoding” header and when the content is delivered compressed, ISA simply sends it back to the client as-is without inspecting it."
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)