ISA Site and Content Rule May Incorrectly Deny Request (315127)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000

This article was previously published under Q315127

SYMPTOMS

After you create a site and content rule to permit access to a specific Web site, SecureNat and Firewall clients cannot access the site, and you may receive the following error messages in other Winsock applications:
Page cannot be displayed

-or-

Access Denied

RESOLUTION

The following workarounds are available:
  • Disable the HTTP redirector.
  • Configure the redirector to Send to Web Proxy.

    NOTE: This workaround may not work if you use ISA authentication and RealAudio together. Microsoft recommends that you configure the redirector to Send to requested website if you want to use RealAudio through ISA.
  • Configure Microsoft Internet Explorer to use the Web proxy.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Steps to Reproduce the Behavior

  1. Create a destination set that contains "www.test.com".
  2. Create a site and content Allow rule that uses the destination set that you just created. Note that this must be your only site and content rule.
  3. Configure the HTTP redirector filter to Send to Requested Web Server.
  4. Use a SecureNAT or Firewall client to try to connect to www.test.com on port 80 (use Telnet or a browser that is not configured to use a proxy). Note that you are denied access.

Modification Type:MajorLast Reviewed:5/22/2002
Keywords:kbbug KB315127