Error “502 proxy error, the request is not supported (50)” while trying to access websites from web proxy clients behind ISA Server 2006

Consider a scenario where users who are part of the internal network of the ISA server and have configured their machines as web proxy clients. When those users are trying to go to certain websites they get error "502 proxy error, the request is not supported (50)" message and they are not able to view the page.

Data collection to resolve the issue

In order to troubleshoot this type of issue, we need to run ISA data packager in repro mode using the Web Proxy and Web Publishing template. The goal is to gather data while the client workstation is having this problem.

Data analysis

In the ISA Logs collected with ISA data packager we see failed connection attempt with result code as 50 as highlighted below (copying only the most relevant part of the log with action and result code).

Failed

www.contoso.com

GET

50

http://www.contoso.com/abc/xyz.html

http

Domain\user1

In the network traces taken on the external NIC of the ISA server we can see that the http get request is going out as follows with all the headers and their corresponding values in the request sent.

image

We need to compare the response that the web server sent for this request which is as follows:

image

In the response, we can see all the headers and their corresponding values; the important header field that was missing in the request sent by the ISA server was “ContentEncoding” which is present in the web server response with value “gzip”. By default ISA server would send this header with values as gzip and deflate but in this case it is not sending that. To find out why ISA server is not sending this header information in the request we need to analyze the BPA report.

ISABPA -> add-ins section -compression filter and verify if compression filter is disabled. Following is the output from the ISABPA when it’s disabled:

Compression Filter
Name =Compression Filter
Version =4.0
Vendor =Microsoft (R) Corporation
Description =Enables HTTP/HTTPS compression
Enable this filter =False
Direction =fpcFilterDirectionBoth
Order =4
Relative Path =comphp.dll
Priority =fpcFilterPriority_High
Vendor Parameters Sets =
PersistentName ={8EA49FDD-FFDC-4190-8A66-724BB0342F9F}
Guid ={8EA49FDD-FFDC-4190-8A66-724BB0342F9F}

 

Resolution

In such a scenario where compression filter is disabled and web server in its responses send contentencoding http header or sends the compressed response, ISA server would block that response with result code as “The request is not supported(50)” and the end user would get 502 proxy error. To resolve this we need to enable the compression filter.

 

Author

Suraj Singh

Support Engineer

Microsoft CSS Forefront Security Edge Team

Technical Reviewer

Yuri Diogenes

Sr Support Escalation Engineer

Microsoft CSS Forefront Security Edge Team