Article ID: 933716
Article Last Modified on 5/10/2007
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
SYMPTOMS
When you use overlapped HTTP protocols in Microsoft Internet Security and Acceleration (ISA) Server 2006, the Web Proxy filter logs requests that reference an incorrect access rule. For example, the Web Proxy filter logs requests that reference the default access rule instead of the access rule that is configured to enable HTTP protocols.
Note When you use overlapped HTTP protocols in ISA Server 2006 Enterprise Edition, the requests that are logged may reference the Enterprise default rule.
CAUSE
This problem occurs because the Web Proxy filter in ISA Server 2006 incorrectly sets the logging field to the last rule that was processed. Typically, this issue occurs when there are multiple definitions for the same port.
RESOLUTION
A hotfix is available for computers that are running ISA Server 2006. To resolve this problem, install the hotfix that is described in the following Microsoft Knowledge Base article:
933718 Description of the Internet Security and Acceleration Server 2006 hotfix package: March 21, 2007
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
When you must prevent the Web Proxy filter from intercepting Web traffic, you can use overlapped HTTP protocols. This configuration may be required when non-standard HTTP traffic uses TCP port 80. If you use the standard HTTP protocol, Web traffic that does not comply with the relevant Request for Comments (RFC) standard will be denied. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
917051 The Web Proxy filter in ISA Server 2004 may log requests with an incorrect access rule when you use overlapped HTTP protocols
Keywords: kbtshoot kbexpertiseinter kbprb KB933716
