You receive a "The request was rejected by the HTTP Security filter" error message when you try to open a message from an Exchange Server that is published in ISA Server (837865)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition

SYMPTOMS

When you try to open a particular message or try to view a particular message in the preview pane in Microsoft Outlook Web Access (OWA) 2003, you receive the following error message:

The page cannot be displayed


Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

Try the following:
  • Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
  • Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
  • Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
Technical Information (for support personnel)
  • Error Code: 500 Internal Server Error. The request was rejected by the HTTP Security filter. Contact your ISA Server administrator. (12217)

CAUSE

This issue may occur if you publish a Microsoft Exchange Server 2003 OWA site behind Microsoft Internet Security and Acceleration (ISA) Server . This issue occurs if both the following conditions are true:
  • You try to open or preview an e-mail message that contains a high-bit character in the subject line. For example, you open an e-mail message that contains certain German language or Spanish language characters in the subject line.
  • The Web publishing rule that you use to publish the Exchange Server computer is configured to block high-bit characters.
In this scenario, additional information about why the request was blocked appears in the Web Proxy log file.

WORKAROUND

To work around this issue, configure the Web publishing rule so that it does not block high-bit characters. To do this, follow these steps:
  1. Start the ISA Server Management tool.
  2. Expand ServerName, where ServerName is the name of your ISA Server computer.
  3. Click Firewall Policy, click the Web publishing rule that you created to publish the Exchange Server computer for access by OWA users, and then click Edit Selected Rule.
  4. Click the Traffic tab, click Filtering, and then click Configure HTTP.
  5. Click to clear the Block high-bit characters check box, and then click OK two times.
  6. Click Apply to update the firewall policy, and then click OK.

MORE INFORMATION

When you configure HTTP filtering to block high-bit characters, URLs that contain characters from a double-byte character set (DBCS) or URLs that contain Latin 1 characters are blocked. This configuration may affect scenarios such as OWA publishing or Microsoft SharePoint Portal Server publishing. Additionally, this configuration may affect any scenario where a GET request passes a parameter that includes a character from a double-byte character set. You can configure HTTP filtering on a per rule basis for Web publishing rules or for access rules in ISA Server 2004. For additional information about HTTP filtering, search on "HTTP filtering" in ISA Server 2004 Help.

Note You may receive the message that is mentioned in the "Symptoms" section if you configure HTTP filtering to reject part of the HTTP request or part of the HTTP response. If you want to permit the request, review and reconfigure the HTTP filtering rule that affects the request.
Modification Type:MajorLast Reviewed:10/5/2006
Keywords:kbISA2006Swept kbFirewall kberrmsg kbprb KB837865 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.