Hotfix Download Available

Users who do not have the appropriate permissions can receive restricted content from ISA Server 2004

Article ID:894679
Last Review:June 14, 2007
Revision:4.6
SYMPTOMS

After you enable the "Content requiring user authentication for retrieval" cache rule in Microsoft Internet Security and Acceleration (ISA) Server 2004, the ISA Server computer caches content that was requested by users who are permitted to retrieve that content. However, users who do not have permission to access that content can still request it and receive it from the ISA Server cache, because a cache hit is served without the access check that the origin server performed on the original request.

CAUSE

By default, ISA Server 2004 does not cache content that is requested by authenticated users. However, if you enable the "Content requiring user authentication for retrieval" cache rule, ISA Server caches content that is requested by authenticated users and then serves the cached copy for all future requests for that content without verifying that the requester has permission to access it. The access check that the origin server performed on the first request is therefore bypassed for every later request that is answered from the cache.
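To make the cause concrete, the following Python model is an added example (not ISA Server code): a toy caching proxy in which a page obtained by an authenticated user is cached and then served on every later cache hit with no access check, next to the corrected behaviour in which the proxy re-checks the requester at the origin before it serves such a hit. The origin, its pages, the users alice and bob, and the assumption that the hotfix is equivalent to an origin re-check on each hit for authenticated content are all constructed for this illustration.

```python
# Added example (not ISA Server code): a toy caching proxy that reproduces the
# authorization bypass described in the CAUSE section and a corrected variant.
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed origin server: path -> (body, set of users allowed to read it).
# None means the page is public.
ORIGIN: Dict[str, Tuple[str, Optional[Set[str]]]] = {
    "/public/index.html": ("welcome page", None),
    "/hr/salaries.html": ("confidential salary table", {"alice"}),
}


def origin_get(path: str, user: Optional[str]) -> Tuple[int, str]:
    """The origin enforces access on every request it actually receives."""
    body, allowed = ORIGIN[path]
    if allowed is not None and user not in allowed:
        return 401, "authentication required"
    return 200, body


@dataclass
class CacheEntry:
    body: str
    # Fetched with credentials, i.e. "content requiring user authentication".
    # Flagging every credentialed fetch is conservative: a public page fetched
    # by an authenticated user is flagged too.
    requires_auth: bool


class CachingProxy:
    """verify_on_hit=False models the pre-hotfix cache rule (hits served to
    anyone). verify_on_hit=True is the assumed fixed behaviour: before a hit
    for authenticated content is served, the requester is re-checked at the
    origin."""

    def __init__(self, verify_on_hit: bool) -> None:
        self.verify_on_hit = verify_on_hit
        self.cache: Dict[str, CacheEntry] = {}
        self.origin_requests = 0

    def _origin(self, path: str, user: Optional[str]) -> Tuple[int, str]:
        self.origin_requests += 1
        return origin_get(path, user)

    def get(self, path: str, user: Optional[str] = None) -> Tuple[int, str]:
        entry = self.cache.get(path)
        if entry is not None:
            if entry.requires_auth and self.verify_on_hit:
                status, body = self._origin(path, user)
                if status != 200:
                    return status, body
            # Pre-hotfix path: the cached body goes out with no access check.
            return 200, entry.body
        status, body = self._origin(path, user)
        if status == 200:
            self.cache[path] = CacheEntry(body, requires_auth=user is not None)
        return status, body


def run_scenario(verify_on_hit: bool) -> Dict[str, int]:
    """alice (authorized) primes the cache; then bob (not authorized) and an
    anonymous client request the same page. Returns the status each one saw."""
    proxy = CachingProxy(verify_on_hit)
    return {
        "alice": proxy.get("/hr/salaries.html", "alice")[0],
        "bob": proxy.get("/hr/salaries.html", "bob")[0],
        "anonymous": proxy.get("/hr/salaries.html", None)[0],
        "origin_requests": proxy.origin_requests,
    }


if __name__ == "__main__":
    print("pre-hotfix:", run_scenario(False))  # bob and anonymous get 200: the bypass
    print("fixed:     ", run_scenario(True))   # bob and anonymous get 401
```

In the pre-hotfix run the origin is contacted exactly once; bob and the anonymous client never reach it, which is why its access check cannot help. The fixed run costs one extra origin round trip per hit for flagged content, which is the price of keeping the origin's decision in the loop.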

RESOLUTION

Service pack information

To resolve this problem, obtain the ISA Server 2004 hotfix package. For more information about the ISA Server 2004 hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
921937 (http://support.microsoft.com/kb/921937/) Description of the ISA Server 2004 hotfix package: July 6, 2006

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have ISA Server 2004 Standard Edition Service Pack 1 (SP1) installed before you apply this hotfix.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
   Date         Time   Version            Size    File name
   -----------------------------------------------------------
   01-Apr-2005  17:20  4.0.2163.254      647,440  W3filter.dll  

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

After you apply this hotfix, ISA Server may return an error that indicates that the page that you requested has expired. This behavior occurs if either of the following conditions is true:
  • The ISA Server computer is configured to retrieve content from the cache regardless of whether the cached content is still valid.
  • The client request specifies that expired content returned by ISA Server is acceptable (the request carries the "max-stale" directive in its Cache-Control header).
To resolve this issue, use one of the following methods:
  • Block requests that carry the "max-stale" directive. To do this, create a new signature for "max-stale" on the Signature tab of the HTTP filter, so that requests whose headers contain this directive are blocked. Note that such a signature affects every request that carries the directive, not only requests for content that is in the cache.

    For more information about HTTP filtering in ISA Server 2004, visit the following Microsoft Web site:
    http://technet.microsoft.com/en-us/library/cc302627.aspx (http://technet.microsoft.com/en-us/library/cc302627.aspx)
    Note The "max-stale" directive of the Cache-Control request header indicates that the client will accept a response that has exceeded its expiration time. If max-stale is assigned a value, the client will accept a response that has exceeded its expiration time by no more than the specified number of seconds. If no value is assigned to max-stale, the client will accept a stale response of any age. For example, a request that contains "Cache-Control: max-stale=3600" tells the cache that the client accepts content that has exceeded its expiration time by no more than one hour (3600 seconds).
  • Configure the ISA Server computer so that it does not retrieve expired content from the cache. To do this, click the following option on the Contents Retrieval page in the New Cache Rule Wizard:
    Only if a valid version of the object exists in cache. If no valid version exists, route the request to the server.
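As an added example (not ISA Server code) of the max-stale semantics described in the note and of what the suggested signature has to match, the following Python functions parse a Cache-Control value, decide whether a client accepts a response that expired a given number of seconds ago, and detect the directive in a request's headers. The serve_from_cache function models the two conditions above as a single decision; that model, like the sample headers, is an assumption made here and not a description of ISA Server internals.

```python
# Added example (not ISA Server code): Cache-Control "max-stale" handling and
# the request check that a "max-stale" HTTP-filter signature needs to perform.
from typing import Dict, Optional


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split a Cache-Control value into {directive: argument-or-None}.
    Directive names are case-insensitive; quoted arguments are unquoted."""
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, sep, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def client_accepts_staleness(seconds_past_expiry: int, cache_control: str) -> bool:
    """True if a response that expired seconds_past_expiry seconds ago is
    acceptable to the client under the given Cache-Control request value."""
    directives = parse_cache_control(cache_control)
    if "max-stale" not in directives:
        return seconds_past_expiry <= 0      # no max-stale: only fresh content
    limit = directives["max-stale"]
    if limit is None:
        return True                          # bare max-stale: any age is acceptable
    if not limit.isdigit():
        return seconds_past_expiry <= 0      # malformed argument: assumed ignored
    return seconds_past_expiry <= int(limit)


def request_sends_max_stale(headers: Dict[str, str]) -> bool:
    """What a "max-stale" signature should match: the directive inside the
    Cache-Control header, case-insensitively and tolerant of whitespace,
    but not the same word appearing in some unrelated header."""
    for name, value in headers.items():
        if name.lower() == "cache-control" and "max-stale" in parse_cache_control(value):
            return True
    return False


def serve_from_cache(seconds_past_expiry: int, headers: Dict[str, str],
                     rule_serves_expired_content: bool) -> bool:
    """Assumed model of the two conditions in the article: an expired cached
    object is still used when the cache rule allows expired content, or when
    the client asks for it with max-stale. Fresh objects are always usable."""
    if seconds_past_expiry <= 0 or rule_serves_expired_content:
        return True
    cc = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    return client_accepts_staleness(seconds_past_expiry, cc)


if __name__ == "__main__":
    req = {"Cache-Control": "max-stale=3600"}
    print(request_sends_max_stale(req), serve_from_cache(600, req, False))
```

Both remediations show up in serve_from_cache: only when the rule is set to valid-content-only and requests carrying max-stale are blocked (or absent) does an expired object stop being a candidate for a cache hit.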
For more information about how to install ISA Server 2004 hotfixes and updates, click the following article number to view the article in the Microsoft Knowledge Base:
885957 (http://support.microsoft.com/kb/885957/) How to install ISA Server hotfixes and updates

APPLIES TO
Microsoft Internet Security and Acceleration Server 2004 Standard Edition

Keywords: 
kbautohotfix kbfix kbbug kbhotfixserver KB894679
