After you use Microsoft Internet Security and Acceleration (ISA) Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition to publish a Web site, you experience the following symptoms:
- A client computer may submit an HTTP request that contains the host header of the Web server. However, this request does not contain the port number of the Web server.
- ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits the request to the published Web server. However, this request contains the host header together with the port number of the Web server.
If the Web application that is running on the Web server does not expect the host header to include the port number, the Web application may generate an error.
This problem occurs if the following conditions are true:
- You publish the Web site as a secure Web site. In this situation, you only expose the HTTPS interface to client computers.
- The Web site publishing rule bridges HTTPS traffic to HTTP traffic. This means that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition accesses the Web server by using the HTTP protocol.
- The Web publishing rule has the Forward the original host header instead of the actual one option enabled.
In this scenario, the host header that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits in the HTTP request has the following format:
Host: www.contoso.com:443
This behavior occurs even if the host header in the client computer's HTTPS request has the following format:
Host: www.contoso.com
To resolve this problem, install the update that is mentioned in the following Microsoft Knowledge Base article:
925403
(http://support.microsoft.com/kb/925403/
)
Update is available that supports publishing Microsoft Exchange Server 2007 behind Internet Security and Acceleration (ISA) Server 2006
After you install this update, run the following Microsoft Visual Basic script to enable the functionality that is described in this article.
Note You must install update 925403 before you run this script.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
- Start a text editor, such as Notepad.
- Paste the following code into the text editor window.
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "SendUnmodifiedOriginalHostHeader"
Const SE_VPS_VALUE = true
Sub SetValue()
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the other objects needed.
Dim array ' An FPCArray object
Dim VendorSets ' An FPCVendorParametersSets collection
Dim VendorSet ' An FPCVendorParametersSet object
' Get references to the array object
' and the network rules collection.
Set array = root.GetContainingArray
Set VendorSets = array.VendorParametersSets
On Error Resume Next
Set VendorSet = VendorSets.Item( SE_VPS_GUID )
If Err.Number <> 0 Then
Err.Clear
' Add the item
Set VendorSet = VendorSets.Add( SE_VPS_GUID )
CheckError
WScript.Echo "New VendorSet added... " & VendorSet.Name
Else
WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
End If
if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
Err.Clear
VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
If Err.Number <> 0 Then
CheckError
Else
VendorSets.Save false, true
CheckError
If Err.Number = 0 Then
WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
End If
End If
Else
WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
End If
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
SetValue - Save the file by using the .vbs file name extension. For example, save the file as SendUnmodifiedOriginalHostHeader.vbs.
- Copy the .vbs file to the computer that is running ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition, and then double-click the file to run it.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
A request header that has the following form is a legitimate header:
Host: www.contoso.com:443
This form is defined in section 14.23 of RFC 2616. The problem that this article resolves occurs if the following conditions are true:
- ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges HTTPS to HTTP.
- The Web application expects a host header without a port number.
In this scenario, the client computer sent the host header without specifying the port. However, ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition adds the port number when ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges the traffic from HTTPS to HTTP.
For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/
)
Description of the standard terminology that is used to describe Microsoft software updates
Help and Support
Back to the top
