Error 500 “Not Supported” while browsing Internet through ISA Server 2006

  • Article

1. Introduction

 

This post is about a specific condition that can triggers the “Not Supported” error while browsing some web sites through ISA Server. The error message that the end users receives is similar to the one shown below:

 

 

 

The ISA Diagnostic Logging will not say much beyond that but if you enable you can see the following error:

ISA Server rejected the request with the HTTP status code 0 and will return the following error message to the Web client. \""The request is not supported. \"""

9/30/2009 1:25:21 PM ISA Server Diagnostics Information None 30107 N/A SRVISA "Date and time: 09/30/2009-14:25:21.039

Packet context: 0cc48f30 0cc4908e

Log source: Web Proxy

The data gathering for this scenario should be done by using ISA Data Packager in repro mode with the Web Proxy & Web Publishing template.

2. Understanding the Behavior

The condition that triggers this specific error can happens when the client workstation sends a HTTP GET request that doesn’t say that the content can be encoded and the destination server responds with the Content-Encoding header in the HTTP Response. Here it is a sample of this trace:

1) Client sends the request to access a web page through ISA Server:

2009-09-30 16:24:02.187193 ISAExternalNIC DestinationWebSRV HTTP GET /shopping/navigate.do?catg=5328 HTTP/1.1

Hypertext Transfer Protocol

GET /shopping/navigate.do?catg=5328 HTTP/1.1\r\n

Request Method: GET

Request URI: /shopping/navigate.do?catg=5328

Request Version: HTTP/1.1

Via: 1.1 ISACONTOSO\r\n

Cookie:

2) Destination Web Server responds with:

2009-09-30 16:24:02.484068 DestinationWebSRV ISAExternalNIC HTTP HTTP/1.1 302 Moved Temporarily (text/html)

Hypertext Transfer Protocol

HTTP/1.1 302 Moved Temporarily\r\n

Request Version: HTTP/1.1

Response Code: 302

Server: WEB_Server\r\n

Location: http://www.fabrikam.com/shopping/navigate.do?catg=607\r\n

Content-Encoding: gzip\r\n

Content-Type: text/html;charset=UTF-8\r\n

Content-Language: en-US\r\n

Date: Wed, 30 Sep 2009 20:24:01 GMT\r\n

Transfer-Encoding: chunked\r\n

Connection: keep-alive\r\n

Connection: Transfer-Encoding\r\n

\r\n

HTTP chunked response

After that ISA resets the request and shows the error message (“The request is not supported”) to the client. This specific behavior happens when the compression filters (compression filter/caching compressed content Filter) are disabled. The compression filters will block the request since the client did not indicate in the request message that it does support gzip compression. Since the web server returned the content compressed the ISA server needs to discard the request.

3. How to change this Behavior?

This behavior can be changed by executing the script showed in KB927263 for forward proxy scenario that matches this condition when those filters are disabled. If the scenario is reverser proxy then you can use SendAcceptEncodingHeader property.

Authors

Yuri Diogenes

Sr Security Support Escalation Engineer

Microsoft CSS Forefront Edge Team

Thomas Detzner

Escalation Engineer

Microsoft CSS Forefront Edge Team