Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition includes the host header together with the port number of the Web server after you publish a Web site

ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition includes the host header together with the port number of the Web server after you publish a Web site

View products that this article applies to.

Symptoms

After you use Microsoft Internet Security and Acceleration (ISA) Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition to publish a Web site, you experience the following symptoms:
  • A client computer may submit an HTTP request that contains the host header of the Web server. However, this request does not contain the port number of the Web server.
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits the request to the published Web server. However, this request contains the host header together with the port number of the Web server.
If the Web application that is running on the Web server does not expect the host header to include the port number, the Web application may generate an error.

↑ Back to the top

Cause

This problem occurs if the following conditions are true:
  • You publish the Web site as a secure Web site. In this situation, you only expose the HTTPS interface to client computers.
  • The Web site publishing rule bridges HTTPS traffic to HTTP traffic. This means that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition accesses the Web server by using the HTTP protocol.
  • The Web publishing rule has the Forward the original host header instead of the actual one option enabled.
In this scenario, the host header that ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition submits in the HTTP request has the following format:
Host: www.contoso.com:443
This behavior occurs even if the host header in the client computer's HTTPS request has the following format:
Host: www.contoso.com

↑ Back to the top

Resolution

To resolve this problem, install the update that is mentioned in the following Microsoft Knowledge Base article:
925403 Update is available that supports publishing Microsoft Exchange Server 2007 behind Internet Security and Acceleration (ISA) Server 2006
After you install this update, run the following Microsoft Visual Basic script to enable the functionality that is described in this article.

Note You must install update 925403 before you run this script.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Start a text editor, such as Notepad.
  2. Paste the following code into the text editor window.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "SendUnmodifiedOriginalHostHeader"
Const SE_VPS_VALUE = true

Sub SetValue()

    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
    End If

    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError

            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

SetValue
  3. Save the file by using the .vbs file name extension. For example, save the file as SendUnmodifiedOriginalHostHeader.vbs.
  4. Copy the .vbs file to the computer that is running ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition, and then double-click the file to run it.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

A request header that has the following form is a legitimate header:
Host: www.contoso.com:443
This form is defined in section 14.23 of RFC 2616. The problem that this article resolves occurs if the following conditions are true:
  • ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges HTTPS to HTTP.
  • The Web application expects a host header without a port number.
In this scenario, the client computer sent the host header without specifying the port. However, ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition adds the port number when ISA Server 2006 or Microsoft Forefront Threat Management Gateway, Medium Business Edition bridges the traffic from HTTPS to HTTP.

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: KB925287, kbpubtypekc, kbfix, kbbug, kbfirewall, kbtshoot

↑ Back to the top

Article Info
Article ID : 925287
Revision : 3
Created on : 11/17/2008
Published on : 11/17/2008
Exists online : False
Views : 444