Error “502 proxy error, the request is not supported (50)” while trying to access websites from web proxy clients behind ISA Server 2006
Consider a scenario where users who are part of the internal network of the ISA server and have configured their machines as web proxy clients. When those users are trying to go to certain websites they get error "502 proxy error, the request is not supported (50)" message and they are not able to view the page.
Data collection to resolve the issue
In order to troubleshoot this type of issue, we need to run ISA data packager in repro mode using the Web Proxy and Web Publishing template. The goal is to gather data while the client workstation is having this problem.
Data analysis
In the ISA Logs collected with ISA data packager we see failed connection attempt with result code as 50 as highlighted below (copying only the most relevant part of the log with action and result code).
Failed |
GET |
50 |
http |
Domain\user1 |
In the network traces taken on the external NIC of the ISA server we can see that the http get request is going out as follows with all the headers and their corresponding values in the request sent.
We need to compare the response that the web server sent for this request which is as follows:
In the response, we can see all the headers and their corresponding values; the important header field that was missing in the request sent by the ISA server was “ContentEncoding” which is present in the web server response with value “gzip”. By default ISA server would send this header with values as gzip and deflate but in this case it is not sending that. To find out why ISA server is not sending this header information in the request we need to analyze the BPA report.
ISABPA -> add-ins section -compression filter and verify if compression filter is disabled. Following is the output from the ISABPA when it’s disabled:
Compression Filter
Name =Compression Filter
Version =4.0
Vendor =Microsoft (R) Corporation
Description =Enables HTTP/HTTPS compression
Enable this filter =False
Direction =fpcFilterDirectionBoth
Order =4
Relative Path =comphp.dll
Priority =fpcFilterPriority_High
Vendor Parameters Sets =
PersistentName ={8EA49FDD-FFDC-4190-8A66-724BB0342F9F}
Guid ={8EA49FDD-FFDC-4190-8A66-724BB0342F9F}
Resolution
In such a scenario where compression filter is disabled and web server in its responses send contentencoding http header or sends the compressed response, ISA server would block that response with result code as “The request is not supported(50)” and the end user would get 502 proxy error. To resolve this we need to enable the compression filter.
Author
Suraj Singh
Support Engineer
Microsoft CSS Forefront Security Edge Team
Technical Reviewer
Yuri Diogenes
Sr Support Escalation Engineer
Microsoft CSS Forefront Security Edge Team
Comments
Anonymous
January 01, 2003
as mentioned in this article use ISA data packager(blogs.technet.com/.../using-isabpa-for-proactive-and-reactive-work-with-isa-server-part-2-of-2.aspx) in repro mode(using web proxy template) while doing repro of the issue and look at the ISA Logs(filter by this URL with which you have issue) and then network traces and filter with this hostname and check the getrequest frame and the http headers in the request and http header in the response. comparison of headers might give you insight about the problem you are facing..Anonymous
January 01, 2003
Suraj, could you tell me how did you get the web server response? Is it from ISA BPA records too? thanksAnonymous
June 11, 2010
My isa server 2006's with the compression filter enabled and still access this site when this error occurswww.cglwebtech.com/Login.aspx