解决TMG发布网站导致The request was rejected by the HTTP filter

!本文可能 超过1年没有更新,今后内容也许不会被维护或者支持,部分内容可能具有时效性,涉及技术细节或者软件使用方面,本人不保证相应的兼容和可操作性。

看了一下,距离上次发布文章已经有好长时间,主要是被项目搞得够呛,今天也有闲暇时间,正好把上次部署项目时遇到的一个问题简单的叙述下。

按照客户需求采用Forefront TMG 2010发布网站,实际的Web Server是建立在Hyper-V虚拟机上的,然后所有的访问受到TMG网关防火墙的过滤,我按照正常流程建立了网站发布规则,网站基本能正常访问,但感觉略慢些,估计是受到防火墙过滤的因素,没过多长时间,客户反应网站系统无法登录,登录时显示 The page cannot be displayed的错误。核心的错误提示消息是Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter,具体的错误如下:

The page cannot be displayed

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

——————————————————————————–

Try the following:
?Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
?Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
?Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

——————————————————————————–

Technical Information (for support personnel)
?Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)

The page cannot be displayed

开始以为是网站本身服务器的问题,结果内网测试正常,经过排查发现原来是TMG防火墙的问题。搜索网络后找到这么一篇微软的技术文章《You receive a “The request was rejected by the HTTP Security filter” error message when you try to open a message from an Exchange Server that is published in ISA Server and in Microsoft Forefront Threat Management Gateway, Medium Business Edition》,初步了解了原因:默认的Web发布规则被配置为阻止高位字符。我这时注意到出错的URL,访问页面有个很长的?redirect_to=...来源查询参数,如果去掉这个查询参数则页面正常,看来还是要修改TMG的配置。

参考微软的技术文章,我所做的修改如下:

Web Access PolicyConfigure HTTPURL Protection

去掉了阻止高位选项的勾,然后增长了URL和查询字串的可接受长度,至此问题解决!

若无特别说明,本网站文章均为原创,原则上这些文章不允许转载,但是如果阁下是出于研究学习目的可以转载到阁下的个人博客或者主页,转载遵循创作共同性“署名-非商业性使用-相同方式共享”原则,请转载时注明作者出处谢绝商业性、非署名、采集站、垃圾站或者纯粹为了流量的转载。谢谢合作!

请稍后...

发表评论

电子邮件地址不会被公开。 必填项已用*标注