[isalist] Re: ISA 2004 -- Response content is encoded and cannot be scanned
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 2 Jul 2009 07:57:36 -0400
I'm sure I can find him and bring him back if you want......
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Wednesday, July 01, 2009 5:38 PM
To: ISA Mailing List
Subject: [isalist] Re: ISA 2004 -- Response content is encoded and cannot be
scanned
Ahh...Andrew English..there's a guy...lol
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Edgardo Balansay
Sent: Wednesday, July 01, 2009 6:04 PM
To: ISA Mailing List
Subject: [isalist] Re: ISA 2004 -- Response content is encoded and cannot be
scanned
On Fri, Jun 26, 2009 at 12:34 PM, Jim Harrison
<Jim@xxxxxxxxxxxx<mailto:Jim@xxxxxxxxxxxx>> wrote:
The research force is strong with this one...
Thanks! I was lurking & LOLing during the Andrew English era. =)
Yes - if you have any HTTP filter settings applied, and the content is
delivered using any encoding other than gzip, the HTTP filter will reject it.
If thats how it is, then thats how it is. Added to memory.
The solutions offered in those threads are what you will have to choose from.
Sweet! The custom HTTP rule is working sufficiently, just wanted to know if
there was an update.
Jim
Until next time, thanks again!
Edgardo
From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On
Behalf Of Edgardo Balansay
Sent: Friday, June 26, 2009 9:36 AM
To: isalist
Subject: [isalist] ISA 2004 -- Response content is encoded and cannot be scanned
Hi all! Happy 2009! =)
So, as usual ISA 2004 Standard has been running great and I haven't had to
query this list for a while, until now:
1) Accessing, http://www.evite.com/
2) In the center above the flash slide show is a link, "Create an invitation"
to create an invitation. This link goes to:
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true
Upon browsing to
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true
IE 7.0 returns the "500 Internal Server Error. The request was rejected by the
HTTP filter. Contact your ISA Server administrator. (12217)"
Looking on the ISA logs, displays, "Blocked by the HTTP security filter: the
Response content is encoded and cannot be scanned"
----------
Reviewing our HTTP security filters, the only HTTP filter applied is the,
"Block responses containing Windows executable content" There are no other
signatures, etc. blocking stuff.
-------------
Browsing this list archives, it appears something similar has been encountered
a few times around 2005 with others sites, such as perhaps Staples / Starwood
Hotels, and downloading of .tar.gz files.
A few Relevant threads:
1) [isalist] Creating a custom HTTP protocol
Where the good Dr. Shinder prescribes configuring the site for Direct Access --
which for the Original Poster & us, still yields the same '...response content
is encoded and cannot be scanned...' message. The client machines are SNAT,
Firewall Client, & Web Proxy ISA Clients.
2) [isalist] How to allow downloading .tar.gz files
In this post, Jim H, indicates, "Unfortunately, you can't have encoding and
inspection in the same breath.
You'll have to either use FTP to get the files or disable the HTTP Filter for
the duration."
---------------------
Anyhow, users that are assigned to a different HTTP rule that does allow
Windows Executable Content to download (Network Admins), can easily access the
Evite link:
http://www.evite.com/app/invitations/gallery/templates.do?isNew=true
Question:
Like the "Creating a custom HTTP protocol" thread from 12/2005, is it still the
suggestion to create a custom HTTP rule for certain sites that respond with
encoded content to allow users access?
Thanks!
Edgardo
Other related posts:
