HTTP security filtering using ISA Server 2004

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

After you have created the Web publishing rule, you must change the HTTP security filter setting. The HTTP filter screens all incoming Web requests to the ISA Server computer, and only allows requests that comply with the restrictions configured by the ISA Server administrator.

For example, the Verify Normalization feature (enabled by default) specifies that requests with URLs that contain escape characters after normalization will be blocked. Escaped characters include, but are not limited to, the percent sign (%) and space character (). If this feature is enabled, SharePoint document libraries will fail. URLs for document libraries and files uploaded and downloaded include non-standard characters such as the percent sign (%).

Configure HTTP filtering

  1. Right-click the Web publishing rule you created, and select Configure HTTP .

  2. On the General tab, clear the Verify normalization check box.

  3. If you are using a language containing high bit characters (for example, the umlaut in German) you should also clear the Block high bit characters check box.

Caution: The Verify normalization and Block high bit characters features are meant to address potential security exploits. When you turn off these features in ISA Server, you are potentially creating an opening for malicious users.

Note: For more information about the process of creating an access rule and the choices you can make during this process, see the ISA Server 2004 documentation .