You are currently offline, waiting for your internet to reconnect

ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition includes the host header together with the port number of the Web server after you publish a Web site

SYMPTOMS
After you use Microsoft Internet Security and Acceleration (ISA) Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition to publish a Web site, you experience the following symptoms:
  • A client computer may submit an HTTP request that contains the host header of the Web server. However, this request does not contain the port number of the Web server.
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits the request to the published Web server. However, this request contains the host header together with the port number of the Web server.
If the Web application that is running on the Web server does not expect the host header to include the port number, the Web application may generate an error.
CAUSE
This problem occurs if the following conditions are true:
  • You publish the Web site as a secure Web site. In this situation, you only expose the HTTPS interface to client computers.
  • The Web site publishing rule bridges HTTPS traffic to HTTP traffic. This means that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition accesses the Web server by using the HTTP protocol.
  • The Web publishing rule has the Forward the original host header instead of the actual one option enabled.
In this scenario, the host header that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits in the HTTP request has the following format:
Host: www.contoso.com:443
This behavior occurs even if the host header in the client computer's HTTPS request has the following format:
Host: www.contoso.com
RESOLUTION
To resolve this problem, install the update that is mentioned in the following Microsoft Knowledge Base article:
925403 Update is available that supports publishing Microsoft Exchange Server 2007 behind Internet Security and Acceleration (ISA) Server 2006
After you install this update, run the following Microsoft Visual Basic script to enable the functionality that is described in this article.

Note You must install update 925403 before you run this script.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Start a text editor, such as Notepad.
  2. Paste the following code into the text editor window.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"Const SE_VPS_NAME = "SendUnmodifiedOriginalHostHeader"Const SE_VPS_VALUE = trueSub SetValue()    ' Create the root object.    Dim root  ' The FPCLib.FPC root object    Set root = CreateObject("FPC.Root")    'Declare the other objects needed.    Dim array       ' An FPCArray object    Dim VendorSets  ' An FPCVendorParametersSets collection    Dim VendorSet   ' An FPCVendorParametersSet object    ' Get references to the array object    ' and the network rules collection.    Set array = root.GetContainingArray    Set VendorSets = array.VendorParametersSets    On Error Resume Next    Set VendorSet = VendorSets.Item( SE_VPS_GUID )    If Err.Number <> 0 Then        Err.Clear        ' Add the item        Set VendorSet = VendorSets.Add( SE_VPS_GUID )        CheckError        WScript.Echo "New VendorSet added... " & VendorSet.Name    Else        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)    End If    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then        Err.Clear        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE        If Err.Number <> 0 Then            CheckError        Else            VendorSets.Save false, true            CheckError            If Err.Number = 0 Then                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"            End If        End If    Else        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"    End IfEnd SubSub CheckError()    If Err.Number <> 0 Then        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description        Err.Clear    End IfEnd SubSetValue
  3. Save the file by using the .vbs file name extension. For example, save the file as SendUnmodifiedOriginalHostHeader.vbs.
  4. Copy the .vbs file to the computer that is running ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition, and then double-click the file to run it.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
A request header that has the following form is a legitimate header:
Host: www.contoso.com:443
This form is defined in section 14.23 of RFC 2616. The problem that this article resolves occurs if the following conditions are true:
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges HTTPS to HTTP.
  • The Web application expects a host header without a port number.
In this scenario, the client computer sent the host header without specifying the port. However, ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition adds the port number when ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges the traffic from HTTPS to HTTP.

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 925287 - Last Review: 11/17/2008 03:54:44 - Revision: 3.0

  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Windows Essential Business Server 2008 Standard
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • kbtshoot kbfirewall kbbug kbfix kbpubtypekc KB925287
Feedback