[isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 26 Jun 2009 12:34:30 -0700

The research force is strong with this one...
Yes - if you have any HTTP filter settings applied, and the content is 
delivered using any encoding other than gzip, the HTTP filter will reject it.
The solutions offered in those threads are what you will have to choose from.

Jim

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Edgardo Balansay
Sent: Friday, June 26, 2009 9:36 AM
To: isalist
Subject: [isalist] ISA 2004 -- Response content is encoded and cannot be scanned

Hi all!   Happy 2009! =)

So, as usual ISA 2004 Standard has been running great and I haven't had to 
query this list for a while, until now:

1)  Accessing, http://www.evite.com/
2)  In the center above the flash slide show is a link, "Create an invitation" 
to create an invitation.  This link goes to:  
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true

Upon browsing to 
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true

IE 7.0 returns the "500 Internal Server Error. The request was rejected by the 
HTTP filter. Contact your ISA Server administrator. (12217)"

Looking on the ISA logs, displays, "Blocked by the HTTP security filter:  the 
Response content is encoded and cannot be scanned"

----------
Reviewing our HTTP security filters, the only HTTP filter applied is the, 
"Block responses containing Windows executable content"  There are no other 
signatures, etc. blocking stuff.

-------------
Browsing this list archives, it appears something similar has been encountered 
a few times around 2005 with others sites, such as perhaps Staples / Starwood 
Hotels, and downloading of .tar.gz files.

A few Relevant threads:

1)  [isalist] Creating a custom HTTP protocol
Where the good Dr. Shinder prescribes configuring the site for Direct Access -- 
which for the Original Poster & us, still yields the same '...response content 
is encoded and cannot be scanned...' message.  The client machines are SNAT, 
Firewall Client, & Web Proxy ISA Clients.

2)  [isalist] How to allow downloading .tar.gz files

In this post, Jim H, indicates, "Unfortunately, you can't have encoding and 
inspection in the same breath.
You'll have to either use FTP to get the files or disable the HTTP Filter for 
the duration."

---------------------

Anyhow, users that are assigned to a different HTTP rule that does allow 
Windows Executable Content to download (Network Admins), can easily access the 
Evite link:  
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true


Question:

Like the "Creating a custom HTTP protocol" thread from 12/2005, is it still the 
suggestion to create a custom HTTP rule for certain sites that respond with 
encoded content to allow users access?

Thanks!
Edgardo

• References:
  • [isalist] ISA 2004 -- Response content is encoded and cannot be scanned
    • From: Edgardo Balansay

Other related posts:

• » [isalist] ISA 2004 -- Response content is encoded and cannot be scanned- Edgardo Balansay
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned - Jim Harrison
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Edgardo Balansay
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Steve Moffat
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Ball, Dan
• » [isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned- Jim Harrison

1. Home
2. isalist
3. Archive
4. 06-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---