Microsoft KB Archive/925287

= ISA Server 2006 includes the host header together with the port number of the Web server after you publish a Web site =

Article ID: 925287

Article Last Modified on 2/8/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition

-



SYMPTOMS
After you use Microsoft Internet Security and Acceleration (ISA) Server 2006 to publish a Web site, you experience the following symptoms:
 * A client computer may submit an HTTP request that contains the host header of the Web server. However, this request does not contain the port number of the Web server.
 * ISA Server 2006 submits the request to the published Web server. However, this request contains the host header together with the port number of the Web server.

If the Web application that is running on the Web server does not expect the host header to include the port number, the Web application may generate an error.



CAUSE
This problem occurs if the following conditions are true:
 * You publish the Web site as a secure Web site. In this situation, you only expose the HTTPS interface to client computers.
 * The Web site publishing rule bridges HTTPS traffic to HTTP traffic. This means that ISA Server 2006 accesses the Web server by using the HTTP protocol.
 * The Web publishing rule has the Forward the original host header instead of the actual one option enabled.

In this scenario, the host header that ISA Server 2006 submits in the HTTP request has the following format:

Host: .contoso.com:443

This behavior occurs even if the host header in the client computer's HTTPS request has the following format:

Host: .contoso.com



RESOLUTION
To resolve this problem, install the update that is mentioned in the following Microsoft Knowledge Base article:

925403 Update is available that supports publishing Microsoft Exchange Server 2007 behind Internet Security and Acceleration (ISA) Server 2006

After you install this update, run the following Microsoft Visual Basic script to enable the functionality that is described in this article.

Note You must install update 925403 before you run this script.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.  Start a text editor, such as Notepad.  Paste the following code into the text editor window. Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_NAME = &quot;SendUnmodifiedOriginalHostHeader&quot; Const SE_VPS_VALUE = true

Sub SetValue

' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

'Declare the other objects needed. Dim array      ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( SE_VPS_GUID )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_NAME) End If

if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

Err.Clear VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError

If Err.Number = 0 Then WScript.Echo &quot;Done with &quot; & SE_VPS_NAME & &quot;, saved!&quot; End If       End If    Else WScript.Echo &quot;Done with &quot; & SE_VPS_NAME & &quot;, no change!&quot; End If

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

SetValue  Save the file by using the .vbs file name extension. For example, save the file as . Copy the .vbs file to the computer that is running ISA Server 2006, and then double-click the file to run it.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
A request header that has the following form is a legitimate header:

Host: www.contoso.com:443

This form is defined in section 14.23 of RFC 2616. The problem that this article resolves occurs if the following conditions are true:
 * ISA Server 2006 bridges HTTPS to HTTP.
 * The Web application expects a host header without a port number.

In this scenario, the client computer sent the host header without specifying the port. However, ISA Server 2006 adds the port number when ISA Server 2006 bridges the traffic from HTTPS to HTTP.

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbtshoot kbfirewall kbbug kbfix kbpubtypekc KB925287

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.