Principales respuestas
The HTTP request includes a non-supported header

Pregunta
-
hola que tal estimados, junto con saludarlos queria consultarles lo siguiente:
Tengo un ISA Server 2004 SP2 el cual no tiene ninguna regla o filtro pero igual sigue filtrando una pagina en php. arroja este error:
Error Code: 502 Proxy Error. The HTTP request includes a non-supported header. Contact your ISA Server administrator. (12156)
IP Address: 64.207.157.69
Date: 12/12/2006 4:04:45 PM
Server: srwin3k02.acme.cl
Source: proxy
He probado con algunos KB que indican que hay que instalar un hotfix que es por problema de diseño pero no ha habido resultados, alguien me puede orientar como proseguir para ver alguna posiblidad de que no bloquee esta pagina.
atte
Pablo araya
Respuestas
-
Saludos Estimados Guru de ISA Server,
Este es mi primer posting en este foro, y de acuerdo a lo leido, mi ISA server tenia un problema con 502 Proxy Error con un "The HTTP request includes a non-supported Header" gracias a sus comentarios y sugerencias logramos solucionar el problema instalado el parche ISA2004EE-KB916106-x86-ENU.msp
Me funciono de maravilla dicho parche y resolvio los problemas que tenia accesando a la pagina http://a4esl.org/.
Gracias
- Marcado como respuesta Ismael Borche lunes, 4 de abril de 2011 20:44
Todas las respuestas
-
Este parche arregla el problema:
http://support.microsoft.com/?kbid=916106
Esta es la explicación:
ISA responds to a request with "Error Code: 502 Proxy Error. The HTTP request includes a non-supported header. Contact your ISA
Server administrator. (12156)".
The likely reason for the behavior you're seeing in this case is that new logic that was added in ISA 2004 SP2 to mitigate HTTP
request smuggling. The process for this attack is a bit involved and a whitepaper on the subject is available here:
https://www.watchfire.com/securearea/whitepapers.aspx
RFC-2616 defines two headers; "content-length" and "transfer-encoding: chunked" for the same purpose; that of providing quantitative
content validation for the receiver and states *very clearly* that the server MUST NOT combine them in the same response. If the
server is configured such that it does violate this edict, RFC-2616 then requires the receiving entity to ignore the content-length
value and instead use the chunked-encoding technique to validate the length of the HTTP body. This places a processing burden on the
receiving entity (ISA, in this case), since a chunked-encoded transfer can't be quantitatively validated until the transfer is
completed. In the case of a proxy, additional processing is imposed due to caching behavior that may be dependent on content-size.
The reason those sites are either failing outright (www.delta.com) or rendering poorly (www.sun.com) is because we chose to reject
those responses entirely. Since RFC-2616 clearly states "don't combine those headers" and doing so is a demonstrably malicious act,
it seemed unlikely that ISA would cause problems for any other than malicious sites, and in fact, our testing validated this belief.
As it turns out, there are quite a few legitimate sites out there that violate this part of RFC-2616 and so we have had to rethink
our answer to this problem.
--
--
Jim Harrison [ISA SE] -
-
-
al ingresar a la pagina con un user y pass, bajar un softwae del estudiante..es un archivo .exe y ahi arroja el error mencionado, con otras descargas no ocurre.
al probarlo en servidor con isa server 2000 no ocurre este problema, baja sin problemas el archivo.
atte
paraya
-
El parche indicado arregla el problema del RFC-2616 que devuelve el error "Error Code: 502 Proxy Error. The HTTP request includes a non-supported header. Contact your ISA
Server administrator. (12156)".
No hay otro parche posterior. Haz reiniciado tu ISA después de haber aplicado el parche? Esta tu ISA con los últimos parches de update.microsoft.com?
Para ayudarte, es necesario reproducir el problema -
si, estimado se ha reiniciado el servidor y ademas tiene los ultimos update..
los datos de la pagina son
user:11201
pass:vivero
Se conecta a sitio, en la columna Secciones ir a Bajar software del estudiante y en el paso 1 hacer clic.
y ahi aparece el famoso error....
Network Access Message: The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
If you are still not able to view the requested page, try contacting your administrator or Helpdesk.
Technical Information (for support personnel)
Error Code: 502 Proxy Error. The HTTP request includes a non-supported header. Contact your ISA Server administrator. (12156)
IP Address: 64.207.157.69
Date: 12/12/2006 4:04:45 PM
Server: srwin3k02.acme.cl
Source: proxy
-
-
-
-
-
Saludos Estimados Guru de ISA Server,
Este es mi primer posting en este foro, y de acuerdo a lo leido, mi ISA server tenia un problema con 502 Proxy Error con un "The HTTP request includes a non-supported Header" gracias a sus comentarios y sugerencias logramos solucionar el problema instalado el parche ISA2004EE-KB916106-x86-ENU.msp
Me funciono de maravilla dicho parche y resolvio los problemas que tenia accesando a la pagina http://a4esl.org/.
Gracias
- Marcado como respuesta Ismael Borche lunes, 4 de abril de 2011 20:44