[isalist] ISA 2004 -- Response content is encoded and cannot be scanned

• From: Edgardo Balansay <balansay@xxxxxxxxx>
• To: isalist <isalist@xxxxxxxxxxxxx>
• Date: Fri, 26 Jun 2009 09:36:14 -0700

Hi all!   Happy 2009! =)
So, as usual ISA 2004 Standard has been running great and I haven't had to
query this list for a while, until now:

1)  Accessing, http://www.evite.com/
2)  In the center above the flash slide show is a link, "Create an
invitation" to create an invitation.  This link goes to:
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true

Upon browsing to
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true

IE 7.0 returns the "500 Internal Server Error. The request was rejected by
the HTTP filter. Contact your ISA Server administrator. (12217)"

Looking on the ISA logs, displays, "Blocked by the HTTP security filter:
 the Response content is encoded and cannot be scanned"

----------
Reviewing our HTTP security filters, the only HTTP filter applied is the,
"Block responses containing Windows executable content" There are no other
signatures, etc. blocking stuff.

-------------
Browsing this list archives, it appears something similar has
been encountered a few times around 2005 with others sites, such as perhaps
Staples / Starwood Hotels, and downloading of .tar.gz files.

A few Relevant threads:

1) [isalist] Creating a custom HTTP protocol
Where the good Dr. Shinder prescribes configuring the site for Direct Access
-- which for the Original Poster & us, still yields the same '...response
content is encoded and cannot be scanned...' message.  The client machines
are SNAT, Firewall Client, & Web Proxy ISA Clients.

2) [isalist] How to allow downloading .tar.gz files

In this post, Jim H, indicates, "Unfortunately, you can't have encoding and
inspection in the same breath.
You'll have to either use FTP to get the files or disable the HTTP Filter
for the duration."
---------------------

Anyhow, users that are assigned to a different HTTP rule that does allow
Windows Executable Content to download (Network Admins), can easily access
the Evite link:
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true


Question:

Like the "Creating a custom HTTP protocol" thread from 12/2005, is it still
the suggestion to create a custom HTTP rule for certain sites that respond
with encoded content to allow users access?

Thanks!
Edgardo

• Follow-Ups:
  • [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned
    • From: Jim Harrison

Other related posts:

• » [isalist] ISA 2004 -- Response content is encoded and cannot be scanned - Edgardo Balansay
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Jim Harrison
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Edgardo Balansay
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Steve Moffat
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Ball, Dan
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Jim Harrison

1. Home
2. isalist
3. Archive
4. 06-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---