Thursday, July 2, 2009

Modify this view page cannot be displayed Error Code : 500 Internal Server (ISA)

Yesterday… we got an interesting issue… When user go and Click SharePoint - View - Modify this view action menu (OR) Modify Column link the browser display following message “The Page cannot be displayed” Error Code : 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)

clip_image002

clip_image004

When I search online, Microsoft support provided me following work around for the issue, configure the Web publishing rule so that it does not block high-bit characters.

1. Start the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Management tool.

2. Expand ServerName, where ServerName is the name of your ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer.

3. Click Firewall Policy, click the Web publishing rule that you created to publish the Exchange Server computer for access by OWA users, and then click Edit Selected Rule.

4. Click the Traffic tab, click Filtering, and then click Configure HTTP.

5. Click to clear the Block high-bit characters check box, and then click OK two times.

6. Click Apply to update the firewall policy, and then click OK.

But doesn’t solve my problem. Later I found that the issue coming from ISA HTTP Filter policy…. to resolve follow the below steps.

General Tab

The figure shows the default settings on the General tab of the HTTP policy properties

1. Start the ISA Server

2. General tab of the HTTP policy properties

3. Un Check Verify normalization, (Select if you want to block requests with URLs containing escaped characters after normalization.)

clip_image006

According to Tech Net

Web servers receive requests that are URL encoded. This means that certain characters may be replaced with a percent sign (%) followed by a particular number. For example, %20 corresponds to a space, so a request for http://myserver/My%20Dir/My%20File.htm is the same as a request for http://myserver/My Dir/My File.htm. Normalization is the process of decoding URL-encoded requests.
Because the % can be URL encoded, an attacker can submit a carefully crafted request to a server that is basically double-encoded. If this occurs, Internet Information Services (IIS) may accept a request that it would otherwise reject as not valid. When you select Verify Normalization, the HTTP filter normalizes the URL two times. If the URL after the first normalization is different from the URL after the second normalization, the filter rejects the request. This prevents attacks that rely on double-encoded requests.
Note that while we recommend that you use the Verify Normalization function, it may also block legitimate requests that contain a %.

Now we do not have an error.... Hope this information may helps someone…. If yes provide me comments and feedback

No comments: