Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You Are Denied Access to a Destination Set When You Use Site and Content Rules

You Are Denied Access to a Destination Set When You Use Site and Content Rules

View products that this article applies to.

This article was previously published under Q295089

↑ Back to the top

Symptoms

When you use a Site and Content rule that allows you to gain access to a selected destination set, if that destination set contains both a domain name and an Internet Protocol (IP) address, you can gain access to either that domain name or that IP address.

However, when you create a Site and Content Allow rule, and then create a Site and Content Deny rule that denies access to all destinations except a selected set, if you specify the destination set that is used in the Site and Content Allow rule, you are denied access to either the domain or the IP address that you specified in the Site and Content Allow rule. In addition, you may receive the following error message in your Web browser:
HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource Locator (URL).
(12202) Internet Security and Acceleration Server
If you create a Site and Content Deny rule that contains a redirect action for Hypertext Transfer Protocol (HTTP) requests, you do not receive the preceding error message. Instead, you are redirected to the custom deny page.

↑ Back to the top

Cause

This issue can occur because when you use the All destinations except selected set setting in a Site and Content rule, Internet Security and Acceleration (ISA) Server incorrectly processes only the IP addresses in the destination set. As a result, the Site and Content Deny rule matches the Site and Content Allow rule under certain conditions. When the Site and Content Deny rule matches the Site and Content Allow rule, your request to gain access to the destination set is denied.

↑ Back to the top

Resolution

To resolve this problem, obtain the latest service pack for ISA Server 2000. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
313139� How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

↑ Back to the top

More information

This problem occurs only if you have a combination of domain names and IP addresses in the destination set, and if you use the All destinations except selected set setting in a Site and Content rule combination. If you use only domain names in your destination sets, this problem does not occur.

↑ Back to the top

Keywords: KB295089, kbfix, kbbug

↑ Back to the top

Article Info
Article ID : 295089
Revision : 2
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 246