Network Access Message: The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:
- Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion. -Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped. -Access from a link: If there is a link to the page you are looking for, try accessing the page from that link. -If you are still not able to view the requested page, try contacting your administrator or Helpdesk
Technical Information (for support personnel) Error Code: 502 Proxy Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217) IP Address: 172.16.0.3 Date: 8/9/2005 8:27:06 PM Server: ISA-03.madonna.local Source: web filter
On the HTTP Filter, I deselected the following signatures. (I downloaded the scripts to create this from isaserver.org.)
Name: ScriptInject1 Description: Blocks 'StartOfTag left parentheses<right parentheses' in Request URLs Search In: Request URL Signature: <
Name: ScriptInject2 Description: Blocks 'EndOfTag left parentheses>rightparentheses' in Request URLs Search In: Request URL Signature: >
Note in the above script I used the word left parentheses for ( and right parentheses for ) as the combination is blocked on this site.
I can now access the site without the 12217 error.
This is very frustrating. I keep hoping it is something I've configured incorrectly and not something inherently wrong with ISA. I do not believe I will be able to justify keeping ISA, the usual fix is to send users directly out through a WatchGuard firewall. I want to make this impossible in the future by making all traffic go out through ISA and removing the WG from the trusted network, but there are too many business-critical applications that I cannot get to work through ISA 2004.
Any assistance with this error would be greatly appreciated.
I feel the same way at the moment. But I'm willing to upgrade to isa 2006 if it's released soon and if it will resolve the issues. This has probably been my worst issue. The site I can't access is www.adventist.org
Error Code: 502 Proxy Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217) IP Address: 192.168.54.2 Date: 13/07/2006 09:17:55 Server: svr-proxy.curric.local Source: web filter I do have signatures to be blocked (such as script inject etc.) installed on the http filter and I have subsequently un-checked all of these, but still no joy! I have made sure that the rule blocking this page is the web filter rule by checking the monitoring filter.
ISA is really great most of the time, but its these silly errors that really get up my nose. Can anybody help me with this error?
The other alternative i suppose is to un-install all signatures and see whether that works, but then again I can't see what signature would block the above URL? I could also try deleting and creating a new rule and see whether that would make it work?
I will update you all if either of the above works or not.
I think I have solved it although I think that this may be a bug associated with ISA 2004.
I created a new web access rule with a new web filter, but no blocked signatures added and I could access the website. I then added the header signature block rules one by one, everytime accessing the website and checking to see whether I could find a problematic signature, but after adding all the signatures as in the previous rule it still worked.
So my solution to this problem (because it worked for me) is to create a new firewall rule for HTTP, HTTPS protocol, call the rule 'web filter rule' . Add it to the list of rules in the firewall policy above the old web filter rule you are having problems with just to make sure it hits the new rule rather than the old one. Then check to see whether you are hitting this access rule by using the monitoring section of isa. If you are and the website works, then add the signatures one by one (check them individually, just incase one of the signatures is in-advertantly blocking a site when it shouldn't).
Hopefully this should solve your problem if you are experiencing the same irrating problem I have faced.
I can confirm this also is true in ISA 2006. After adding VML filters (thanks MS - full sarcasm implied) I found that some sites were blocked from downloading .gz files. Added new rule as suggested by Jamie Lynch above and now it works again. Thanks for the tip!
I had the same problem. I discovered the resolution was to disable the tickbox for Verify Normalization in the HTTP policy rule. There were a lot of %20 characters in the URL that were affecting the rule. Richard.