• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: strange problem re: restrict certain HTTP content

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> RE: strange problem re: restrict certain HTTP content Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: strange problem re: restrict certain HTTP content - 31.Jan.2005 12:30:00 PM   
wt_know

 

Posts: 3
Joined: 26.Jan.2005
Status: offline
thank god ... i am not the only want facing this problem !

each time the page is a HTTP POST method, the page is BLANK !

click refresh ... refresh ... and refresh and sometime the page is loaded successfully. i have many users complain to me that when they do online shopping .. until the last page for commitment it return a blank page ... my ass if burning red firing from many users ... damn ...

this is a stupid bug in ISA 2004. there is no problem with ISA 2000. no matter what rule you use. as long as you have a "deny" rule prior to the users allow rule, you will get this problem.

when is the SP1 released ????????

(in reply to cschreiner)
Post #: 21
RE: strange problem re: restrict certain HTTP content - 1.Feb.2005 10:23:00 AM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
Ok, I've just phoned Microsoft support in the UK on 0870 60 10 100. They tell me that they cannot give me any more information on this problem and they have no release date for SP1 for ISA 2004.

If we want any further information, I have been advised to e-mail details of the problem to 2way@microsoft-contact.co.uk, who I have been told will investiate this and will come back to me with more information.

Since this thread has been running for nearly 6 months now, and Microsoft have not even documented this problem on the Knowledgebase, I thought it worthwhile to post this information here. Could I encourage anyone experiencing this problem to contact Microsoft and put pressure on them to fix this.

We upgraded from ISA 2000 in the last couple of weeks. I really do not want to waste another weekend downgrading this server, but if ISA 2004 is not capable of providing reliable internet access for our users I am not prepared to keep it on our network.

Ross

(in reply to cschreiner)
Post #: 22
RE: strange problem re: restrict certain HTTP content - 2.Feb.2005 2:45:00 AM   
hornebag

 

Posts: 18
Joined: 2.Feb.2005
Status: offline
Hi all,

A workaround that seems to be effective prior to the release of SP1.

Disable all rules containing Content Types. Then on the Allow rules properties page -> Protocols -> Filtering -> Configure <protocol> -> Extensions change the filtering to Block Specified Extension (allow all others) and add in the extensions that are listed in the Content Types plus any others that you may want to add.

BTW we are only using ISA 2004 as a caching server.

(in reply to cschreiner)
Post #: 23
RE: strange problem re: restrict certain HTTP content - 3.Feb.2005 5:17:00 PM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
Seeing some very strange behaviour now. We can occasionally get sites to start working just by repeatedly retrying the site. Once sites start to work, they work every time.

I've logged a case with Microsoft and am working with them at the moment. I'll keep the thread updated if I get any news.

(in reply to cschreiner)
Post #: 24
RE: strange problem re: restrict certain HTTP content - 18.Feb.2005 11:45:00 AM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
Ok, good news guys. Microsoft have a private fix for this and it's available free of charge if you contact Microsoft Support on 0870 60 10 100 (UK number).

Please make sure that you are positive that this is the problem you are experiencing before you call them. As I said, there is no charge for this fix, but you will need to give credit card details to open the case, and Microsoft charge 199 per issue for any problems not caused by bugs in the software.

The problem will only be experienced on HTTP traffic after an HTTP POST request. Your browser will most likely show a blank page, and the server logs will show that the connection is closed immediately after the request. I had similar symptoms on HTTPS but with a hugely different cause (mentioned above as the site with intermittent problems), so please check this is exactly what is happening to you.

When you call, Microsoft will need Netmon traces from both the internal & external interfaces of your server, plus output from ISAInfo so they can check exactly how your server is configured and verify that you are experiencing this problem. They'll give you details on how to do this when you call.

What actually happens is that after the HTTP Post is sent, the server responds with a '100 continue' header, but with no body. ISA's content filtering then flagged the response as only needing the header and not the body. When the next response (200) arrived, it was only expecting a header so it strips the body from the response and passes just the header to your browser, causing that blank page.

The fix has not been fully regression tested by Microsoft so is not available as a hotfix and is not documented on the knowledgebase yet. It will appear on the knowledgebase when it has been fully tested, but this has been delayed by the work on SP1.

I've been told that the release of ISA SP1 is 'imminent' and will probably happen in the next two to three weeks. Contrary to earlier rumours however, this hotfix will not be included in SP1. Microsoft will re-issue the private fix to anyone who needs it following the launch of SP1, but expect it to be 8-12 weeks after SP1 for this to become a fully tested hotfix.

Ross

[ February 18, 2005, 12:04 PM: Message edited by: myxiplx ]

(in reply to cschreiner)
Post #: 25
RE: strange problem re: restrict certain HTTP content - 15.Mar.2005 12:54:00 PM   
Errevi

 

Posts: 4
Joined: 15.Mar.2005
From: Italy
Status: offline
I've installed the SP1 for ISA2004, but the problem is the same!

Does anyone have any suggestion?
thanks

(in reply to cschreiner)
Post #: 26
RE: strange problem re: restrict certain HTTP content - 15.Mar.2005 6:12:00 PM   
Errevi

 

Posts: 4
Joined: 15.Mar.2005
From: Italy
Status: offline
I've conctacted Microsoft Support EMEA.
The problem is very and confirmed from Microsoft... finally! as soon possible out a hot-fix beta.

errevi

(in reply to cschreiner)
Post #: 27
RE: strange problem re: restrict certain HTTP content - 23.Mar.2005 4:26:00 PM   
olawton

 

Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
I've got the same problem here, if I have a deny rule that blocks any content types before the main allow rule some sites give a blank page, here's an example site that always fails:-

http://www.thepensionservice.gov.uk/pensioncredit/calculator/calculate.asp

After I press the "click here to go to next page" the next page is always blank.

If I disable the deny rule that blocks executable content then the page loads OK.

(in reply to cschreiner)
Post #: 28
RE: strange problem re: restrict certain HTTP content - 29.Mar.2005 10:04:00 PM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
Didn't you see Errevi's post?
Call PSS.

(in reply to cschreiner)
Post #: 29
RE: strange problem re: restrict certain HTTP content - 30.Mar.2005 3:01:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jim,

Thanks!
Tom

(in reply to cschreiner)
Post #: 30
RE: strange problem re: restrict certain HTTP content - 5.Apr.2005 10:34:00 AM   
olawton

 

Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
Does anyone know if there's a KB article number about this issue yet.

I rang MS EMEA tech support but they said I'd have to pay 199 by credit card unless I could give them a KB article number that said there's a problem [Frown]

(in reply to cschreiner)
Post #: 31
RE: strange problem re: restrict certain HTTP content - 5.Apr.2005 2:43:00 PM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
Pete, my post above should explain the situation in detail.

Microsoft do not charge for known bugs, but they also do not release a KB article until they have a fully tested hotfix. This unfortunately leaves an in between state where you have a known problem, but have to give your credit card details to speak to Microsoft.

I have done this myself several times, and can confirm that while you have to give credit card details, they will not charge you if this is the problem you are experiencing.

The only downside is that you need to be really sure this is the cause of your problem, but there are more than enough details in this discussion for you to check that.

Ross

(in reply to cschreiner)
Post #: 32
RE: strange problem re: restrict certain HTTP content - 6.Apr.2005 3:26:00 PM   
olawton

 

Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
Well, yes you sort of explained it, however you didn't explain how to check the details:-

"Netmon traces from both the internal & external interfaces of your server, plus output from ISAInfo so they can check exactly how your server is configured and verify that you are experiencing this problem"

I suppose the catch is that until you call MS and give them 199 they won't give you the tests to run or what results they expect, to see if the problem is covered by a free patch.

As your post was about 6 weeks ago I was enquiring if anyone knew whether MS had released a KB about the issue yet, which would save me the gamble with MS support

(in reply to cschreiner)
Post #: 33
RE: strange problem re: restrict certain HTTP content - 11.Apr.2005 2:23:00 PM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
Yup, but I also said: "They'll give you details on how to do this when you call.".

I'm afraid there is no way around this. You need to check as carefully as you can that you are experiencing this issue and then call Microsoft. They won't charge you at all if you are having this problem, but I'm afraid you have to take that risk.

Microsoft have told me that it'll probably be 8-12 weeks after SP1 before they fully release this patch with it's associated KB article. That's still a couple of months away but everyone who has received the early fix will be notified as soon as it's available. Once I have details on that I'll post an update here with the KB number.

The best suggestion I can give you to test the problem if you're still unsure is to find an ASP site that is giving you problems and test it with content filtering enabled and with content filtering disabled. If you make sure the content filtering you use should not be blocking that site (just block a movie file or something), and you find that you have problems with the filter enabled, you can be fairly sure you're having this problem and should be able to call Microsoft confident that you will not be charged.

Ross

(in reply to cschreiner)
Post #: 34
RE: strange problem re: restrict certain HTTP content - 13.Apr.2005 4:25:00 PM   
myxiplx

 

Posts: 136
Joined: 16.Mar.2001
Status: offline
UPDATE:

I've just had an e-mail from Microsoft informing me that hotfix is nearly ready.

The KB article is not yet public, but I've been told it will be published at the following URL in a week or two:-

http://support.microsoft.com/?id=895202

Ross

(in reply to cschreiner)
Post #: 35
RE: strange problem re: restrict certain HTTP content - 19.Apr.2005 2:19:00 PM   
bifata

 

Posts: 1
Joined: 18.Apr.2005
From: Brussels
Status: offline
I have also a strange problem with ISA 2004 on windows 2003. Have everything working well when I connected directly to ISA 2004. When I go through a gateway which has to scan http traffic, I receive a blank page whether I use windows integrated authentication method. Without authentication, I have no problem. Does anyone have any idea?
Medru

(in reply to cschreiner)
Post #: 36
RE: strange problem re: restrict certain HTTP content - 20.May2005 11:45:00 AM   
cschreiner

 

Posts: 16
Joined: 25.Jan.2002
Status: offline
Greetings all,

hotfix is easily available with call to PSS. Was curious if anyone had applied and if it fixed the issue or caused any other problems?

Thanks for any insight.

chris

(in reply to cschreiner)
Post #: 37
RE: strange problem re: restrict certain HTTP content - 25.May2005 10:08:00 AM   
cschreiner

 

Posts: 16
Joined: 25.Jan.2002
Status: offline
update

applied the hotfix and all works as supposed to.

(in reply to cschreiner)
Post #: 38
RE: strange problem re: restrict certain HTTP content - 10.Feb.2006 3:37:12 PM   
StanleyK82

 

Posts: 4
Joined: 16.Aug.2004
From: Cincinnati, OH
Status: offline
Good Lord! After all those years...  Applied SP2 (the hotfix is included in the service pack). Content Type Rules work fine!

I'm still wondering why they didn't want to fix the problem earlier, why only in Sep, 2005 (http://support.microsoft.com/kb/895202/), almost 1.5 year after the release date? 

It was obvious that the bug was very serious. In fact, because of this ISA 2004 couldn't deal with Content Type control at all.

< Message edited by StanleyK82 -- 10.Feb.2006 3:40:01 PM >

(in reply to cschreiner)
Post #: 39
RE: strange problem re: restrict certain HTTP content - 13.Feb.2006 5:17:12 PM   
bumper

 

Posts: 8
Joined: 12.Jul.2005
Status: offline

Hello,

I'm having the same problem described in the first post by cschreiner and was wondering if anyone has found a resolution.

I don't have the blank page after post problem, but one where access to sites that don't have audio and video content, e.g. online banking sites which require a login, are blocked.  The rule allows HTTP, HTTPS, and FTP with all content except audio and video.

I've applied ISA 2004 SP2 with no change.

Any assistance will be greatly appreicated.

(in reply to StanleyK82)
Post #: 40

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> RE: strange problem re: restrict certain HTTP content Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts