You use Microsoft Forefront Threat Management Gateway (TMG) 2010 to publish an intranet server that uses a web publishing rule.
You have configured the HTTP filter properties of this rule to deny requests based on specific criteria. For example, you want to deny all requests that exceed a maximum payload length, such as a payload length of 5,000 bytes.
You try to upload a file that exceeds the maximum payload length from an external client to the published web server.
In this scenario, the request is correctly denied. However, when you examine the Bytes Received value that is listed in the web proxy log, the value is approximately double the size of the file that you tried to upload. The correct value should be the size of the file plus additional bytes to include the HTTP headers size.
Note This bug can also be observed by using an ISA server.
This problem occurs because TMG 2010 incorrectly doubles the size of a denied HTTP request in the web proxy logs.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2555840 Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about the Bytes Received web proxy log field, visit the following TechNet website: