ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition includes the host header together with the port number of the Web server after you publish a Web site

Article translations Article translations
Article ID: 925287 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

After you use Microsoft Internet Security and Acceleration (ISA) Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition to publish a Web site, you experience the following symptoms:
  • A client computer may submit an HTTP request that contains the host header of the Web server. However, this request does not contain the port number of the Web server.
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits the request to the published Web server. However, this request contains the host header together with the port number of the Web server.
If the Web application that is running on the Web server does not expect the host header to include the port number, the Web application may generate an error.

CAUSE

This problem occurs if the following conditions are true:
  • You publish the Web site as a secure Web site. In this situation, you only expose the HTTPS interface to client computers.
  • The Web site publishing rule bridges HTTPS traffic to HTTP traffic. This means that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition accesses the Web server by using the HTTP protocol.
  • The Web publishing rule has the Forward the original host header instead of the actual one option enabled.
In this scenario, the host header that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits in the HTTP request has the following format:
Host: www.contoso.com:443
This behavior occurs even if the host header in the client computer's HTTPS request has the following format:
Host: www.contoso.com

RESOLUTION

To resolve this problem, install the update that is mentioned in the following Microsoft Knowledge Base article:
925403 Update is available that supports publishing Microsoft Exchange Server 2007 behind Internet Security and Acceleration (ISA) Server 2006
After you install this update, run the following Microsoft Visual Basic script to enable the functionality that is described in this article.

Note You must install update 925403 before you run this script.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Start a text editor, such as Notepad.
  2. Paste the following code into the text editor window.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "SendUnmodifiedOriginalHostHeader"
    Const SE_VPS_VALUE = true
    
    Sub SetValue()
    
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
    
        ' Get references to the array object
        ' and the network rules collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets
    
        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    
        If Err.Number <> 0 Then
            Err.Clear
    
            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
    
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
        End If
    
        if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
    
            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
    
            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError
    
                If Err.Number = 0 Then
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If
    
    End Sub
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
    SetValue
  3. Save the file by using the .vbs file name extension. For example, save the file as SendUnmodifiedOriginalHostHeader.vbs.
  4. Copy the .vbs file to the computer that is running ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition, and then double-click the file to run it.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

A request header that has the following form is a legitimate header:
Host: www.contoso.com:443
This form is defined in section 14.23 of RFC 2616. The problem that this article resolves occurs if the following conditions are true:
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges HTTPS to HTTP.
  • The Web application expects a host header without a port number.
In this scenario, the client computer sent the host header without specifying the port. However, ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition adds the port number when ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges the traffic from HTTPS to HTTP.

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 925287 - Last Review: November 17, 2008 - Revision: 3.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Windows Essential Business Server 2008 Standard
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
Keywords: 
kbtshoot kbfirewall kbbug kbfix kbpubtypekc KB925287

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com