Microsoft KB Archive/944252

= ISA Server 2004 blocks compressed file attachments if the &quot;Block responses containing Windows executable content&quot; option is enabled in the HTTP filter settings =

Article ID: 944252

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-



SYMPTOMS
Consider the following scenario. You publish an Outlook Web Access (OWA) Web site in Microsoft Internet Security and Acceleration (ISA) Server 2004. In the OWA Web publishing rule, you enable the Block responses containing Windows executable content option in the HTTP filter settings. However, OWA users cannot download compressed (.zip) file attachments.

When this problem occurs, OWA users receive the following error message in the Web browser:

Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217)



CAUSE
This problem occurs because OWA uses a &quot;Content-Encoding: none&quot; header when OWA sends compressed (.zip) file attachments. This content-encoding header indicates that the content is not encoded. However, ISA Server does not recognize this non-standard encoding schema. Therefore, ISA Server blocks the response when ISA Server inspects the response body.



RESOLUTION
To resolve this problem, follow these steps:  Apply the hotfix package that is described in the following Microsoft Knowledge Base article:

945043 getKB -Description of the ISA Server 2004 hotfix package: date

 Start Notepad.  Copy the following code, and then paste it into Notepad.  ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED.   ' This script sets whether ISA will treat the 'Content-Encoding: none' response header ' to mean that the content is not encoded for a specified rule ' ' usage - to enable this functionality run the script as follows:- ' cscript AllowNoneEncoding.vbs rulename ' ' where rulename is the name of the OWA Web pubishing rule ' 

Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_NAME = &quot;AllowNoneEncoding&quot; Const SE_VPS_VALUE = true

'Define the constants needed const Error_FileNotFound = &H80070002 Const fpcPolicyWebPublishing = 2

Main(WScript.Arguments)

Sub Main(args)

If(args.Count = 1) Then SetAllowNoneEncoding args(0) Else Usage End If End Sub

Sub SetAllowNoneEncoding(ruleName)

' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

' Declare the other objects needed. Dim isaArray       ' An FPCArray object Dim rule           ' An FPCPolicyRule object

' Obtain a reference to the array object. Set isaArray = root.GetContainingArray

' Obtain a reference to the policy rule specified. On Error Resume Next Set rule = isaArray.ArrayPolicy.PolicyRules.Item(ruleName) If Err.Number = Error_FileNotFound Then WScript.Echo &quot;The policy rule specified could not be found.&quot; Else Err.Clear On Error GoTo 0 If rule.Type = fpcPolicyWebPublishing Then

Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

Set VendorSets = rule.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( SE_VPS_GUID )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_NAME) End If

if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

Err.Clear VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

If Err.Number <> 0 Then CheckError End If           End If

rule.Save WScript.Echo &quot;Done!&quot;

Else WScript.Echo &quot;The policy rule specified is not a Web publishing rule.&quot; End If   End If

End Sub

Sub Usage WScript.Echo &quot;Usage:&quot; & VbCrLf _ & &quot; &quot; & WScript.ScriptName & &quot; RuleName&quot; & VbCrLf _ & &quot;&quot; & VbCrLf _ & &quot;   RuleName - Name of the Web publishing rule&quot; WScript.Quit End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.  Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, use the following name to save the file:

AllowNoneEncoding.vbs

 At a command prompt, change to the location where you saved the file in step 4, and then run the following command:

cscript AllowNoneEncoding.vbs

In this command, the  placeholder represents the name of the OWA Web Publishing rule.

Note To revert to the default setting, edit the script by changing &quot;Const SE_VPS_VALUE = true&quot; to &quot;Const SE_VPS_VALUE = false.&quot; Save the script, and then run it again.



WORKAROUND
To work around this problem, disable the Block responses containing Windows executable content option in the OWA Web publishing rule.

For more information, visit the following Microsoft TechNet Web site:

http://www.microsoft.com/technet/isa/2004/help/FW_H_HTTPBlockExe.mspx

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbexpertiseinter kbqfe KB944252

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.