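Notice: this page is no longer updated, maintained, or supported. The content of the article and its comments is time-sensitive, and the technical details or software usage described are not guaranteed to remain fully valid or workable, so please treat it with caution!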

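Looking back, it has been a long time since I last published an article, mainly because projects have been wearing me out. I have some free time today, so this is a good chance to briefly describe a problem I ran into the last time I deployed a project.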

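Per the customer's requirements, the website was published with Forefront TMG 2010. The actual Web server runs on a Hyper-V virtual machine, and all access is filtered by the TMG gateway firewall. I created the website publishing rule following the normal procedure, and the site was basically accessible, though it felt slightly slow, which I guessed was due to the firewall filtering. Before long, the customer reported that they could not log in to the website system; logging in showed the error "The page cannot be displayed". The core error message was "Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter". The full error was as follows: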

The page cannot be displayed

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Try the following:
- Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
- Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
- Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

--------------------------------------------------------------------------------

Technical Information (for support personnel)
- Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)

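At first I thought it was a problem with the website's own server, but testing from the internal network worked fine. After troubleshooting, I found that the problem was actually the TMG firewall. Searching the web, I found this Microsoft technical article, "You receive a "The request was rejected by the HTTP Security filter" error message when you try to open a message from an Exchange Server that is published in ISA Server and in Microsoft Forefront Threat Management Gateway, Medium Business Edition", and got a preliminary understanding of the cause: the default Web publishing rule is configured to block high-bit characters. I then noticed that the failing URL carried a very long ?redirect_to=... source query parameter; with that query parameter removed, the page worked normally. So the TMG configuration did need to be changed.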

Following the Microsoft technical article, I made the following changes:

Web Access Policy Configure HTTP URL Protection

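I cleared the check box for the block high-bit characters option and then increased the accepted lengths for the URL and the query string. With that, the problem was solved!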
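
To see which of the settings changed above a given request would trip before loosening all of them, the following added example (not code from the original post or from Microsoft) runs a simplified model of the URL protection checks over a URL. The limit values, the `url_protection_findings` helper, the host name and the sample URLs are assumptions constructed for illustration; read the real limits from the rule's Configure HTTP dialog.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Assumed limits for illustration only; use the values configured on the rule.
MAX_URL_BYTES = 10240
MAX_QUERY_BYTES = 10240


def url_protection_findings(url, max_url=MAX_URL_BYTES,
                            max_query=MAX_QUERY_BYTES, block_high_bit=True):
    """Return the names of the URL protection checks this URL would trip.

    Simplified model (assumption): URL length is counted over path plus
    query, and the high-bit check runs on the percent-decoded bytes.
    """
    parts = urlsplit(url)
    path = parts.path.encode("utf-8")
    query = parts.query.encode("utf-8")
    findings = []

    url_len = len(path) + (1 + len(query) if query else 0)
    if url_len > max_url:
        findings.append("url-length")
    if len(query) > max_query:
        findings.append("query-length")

    if block_high_bit:
        # Percent-decoding exposes bytes such as %E6 that look harmless
        # (pure ASCII) in the raw request line.
        decoded = unquote_to_bytes(parts.path) + unquote_to_bytes(parts.query)
        if any(b >= 0x80 for b in decoded):
            findings.append("high-bit")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the original incident.
    samples = [
        "http://www.example.test/login",
        "http://www.example.test/login?redirect_to=%2Fhome%2F%E6%8A%A5%E8%A1%A8",
        "http://www.example.test/login?redirect_to=" + "a" * 300,
    ]
    for s in samples:
        print(url_protection_findings(s, max_url=1024, max_query=256), s[:70])
```

Running it against the failing URL from the TMG log shows whether only the length limits need raising or whether high-bit blocking is what rejects the request.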