You receive a "The request was rejected by the HTTP Security filter" error message when you try to open a message from an Exchange Server that is published in ISA Server and in Microsoft Forefront Threat Management Gateway, Medium Business Edition

View products that this article applies to.

SYMPTOMS

When you try to open a particular message or try to view a particular message in the preview pane in Microsoft Outlook Web Access (OWA) 2003, you receive the following error message:

The page cannot be displayed

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The request was rejected by the HTTP Security filter. Contact your ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition administrator. (12217)

Back to the top

This issue may occur if you publish a Microsoft Exchange Server 2003 OWA site behind Microsoft Internet Security and Acceleration (ISA) Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition. This issue occurs if both the following conditions are true:

You try to open or preview an e-mail message that contains a high-bit character in the subject line. For example, you open an e-mail message that contains certain German language or Spanish language characters in the subject line.
The Web publishing rule that you use to publish the Exchange Server computer is configured to block high-bit characters.

In this scenario, additional information about why the request was blocked appears in the Web Proxy log file.

Back to the top

WORKAROUND

To work around this issue, configure the Web publishing rule so that it does not block high-bit characters. To do this, follow these steps:

Start the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Management tool.
Expand ServerName, where ServerName is the name of your ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer.
Click Firewall Policy, click the Web publishing rule that you created to publish the Exchange Server computer for access by OWA users, and then click Edit Selected Rule.
Click the Traffic tab, click Filtering, and then click Configure HTTP.
Click to clear the Block high-bit characters check box, and then click OK two times.
Click Apply to update the firewall policy, and then click OK.

Back to the top

MORE INFORMATION

When you configure HTTP filtering to block high-bit characters, URLs that contain characters from a double-byte character set (DBCS) or URLs that contain Latin 1 characters are blocked. This configuration may affect scenarios such as OWA publishing or Microsoft SharePoint Portal Server publishing. Additionally, this configuration may affect any scenario where a GET request passes a parameter that includes a character from a double-byte character set. You can configure HTTP filtering on a per rule basis for Web publishing rules or for access rules in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition. For additional information about HTTP filtering, search on "HTTP filtering" in ISA Server Help or in Microsoft Forefront Threat Management Gateway, Medium Business Edition Help.

Note You may receive the message that is mentioned in the "Symptoms" section if you configure HTTP filtering to reject part of the HTTP request or part of the HTTP response. If you want to permit the request, review and reconfigure the HTTP filtering rule that affects the request.

Back to the top