The other day I was working on my Microsoft Office SharePoint Server (MOSS) 2007 and discovered that when I clicked on a new content type that I created, it gave me the following error in my browser.
Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator.
First I looked at various settings on my SharePoint server just to make sure that everything was in order. I couldn’t find anything suspicious on the server so I proceeded to the next step and looked into the error message. The error indicated that my request was rejected by the HTTP filter so I knew I have to troubleshoot the problem on my ISA Server 2006 which filters the HTTP requests. After doing a little bit of research I discovered that clearing the option to verify normalization might help solve my problem, and luckily it did. Normalization is the process of decoding URL-encoded requests. By clearing this option, I would not be blocking requests with URLs that contain escaped characters after normalization. Here’s the step-by-step procedure.

If you are curious about the verify normalization option, here’s some more information from Microsoft TechNet.
Web servers receive requests that are URL encoded. This means that certain characters may be replaced with a percent sign (%) followed by a particular number. For example, %20 corresponds to a space, so a request for http://myserver/My%20Dir/My%20File.htm is the same as a request for http://myserver/My Dir/My File.htm. Normalization is the process of decoding URL-encoded requests.
Because the % can be URL encoded, an attacker can submit a carefully crafted request to a server that is basically double-encoded. If this occurs, Internet Information Services (IIS) may accept a request that it would otherwise reject as not valid. When you select Verify Normalization, the HTTP filter normalizes the URL two times. If the URL after the first normalization is different from the URL after the second normalization, the filter rejects the request. This prevents attacks that rely on double-encoded requests.
Note that while we recommend that you use the Verify Normalization function, it may also block legitimate requests that contain a %.
Best Practices
My students are always asking me where to get the evaluation copies of various Microsoft products. I’ve put together a list of some of the latest software evaluation downloads. My goal is to try and keep this list updated but frankly it is going to be challenging because Microsoft is known for changing the URLs without any redirection. Here is a list of either free or trial editions of some of the popular Microsoft products. A typical Microsoft evaluation software includes a 180-day trial but some are limited to 60 or 90 days.
WARNING! I should warn you that sometimes when you download a trial software you may think that you are opting out of receiving phone calls and e-mails from Microsoft but you are not. For more information read my blog post: When Microsoft Says No, It May Mean Yes.
Microsoft offers more free products to consumers than any software manufacturer I know. And I am not talking about free evaluation software, I am talking about free tools, utilities and various products and services. Besides software, Microsoft offers these free TechNet and MSDN labs. These are a series of guided, hands-on labs which can be completed in 90 minutes or less. SharePoint Foundation 2010, which I included in the above list for convenience, is a free product from Microsoft. In the past, it was known as Windows SharePoint Services (WSS).
Last Updated: May 27, 2011
Microsoft ISA Server blog has posted an article on this topic that goes into details on how to deal with this issue of not being able to check out a document in MOSS 2007. Here’s an excerpt:
“Troubleshooting SharePoint/MOSS 2007 publishing through ISA Server can be really challenging, mainly because most of the times the argument is: but it works just fine internally. Although this can be a good argument it doesn’t prove that the issue is on ISA Sever. The reason why it doesn’t prove is because most of the time while publishing MOSS 2007 through ISA Server 2006 the Alternate Access Mappings is controlled by MOSS. This is a key element in this type of publishing scenario, so before we move further on this issue I strong recommend you to read the following article: Plan alternate access mappings (Office SharePoint Server). This article has all the concepts that you need to plan your AAM without hurting your publishing rule through ISA Server.”
Read the rest of the article here.
If you’ve configured your SharePoint site with a specific URL (host header), e.g. http://webportal and then later decided that you want to change it to another URL, such as sharepoint.seattlepro.com, you can use the Alternate Access Mapping feature of Microsoft Office SharePoint Server (MOSS) 2007. Here’s how.
1. Start SharePoint 3.0 Central Administration.
2. Click on the Operations tab.
3. Under Global Configuration section click on Alternate access mappings.
4. Click on Show All in the upper right-hand corner and then click on Change Alternate Access Mapping Collection.
5. From Select An Alternate Access Mapping Collection window, click the URL that you would like to change, e.g. http://webportal.
6. Click Edit Public URLs.
7. Change the URL listed in the Default box to the one you want. For example, change it from http://webportal to http://sharepoint.seattlepro.com.

8. Click Save.
9. The next step is to update the information in Internet Information Services (IIS). Start IIS Manager. In our example, we will assume you are running IIS 7.
10. Highlight the Web site whose URL you want to change.
11. In the Actions pane click Bindings (or right-click the Web site and select Edit Bindings).
12. Highlight the entry in the Edit Site Binding window and then click Edit.
13. In the Host Name box enter the new URL that you would like to use. For example, sharepoint.seattlepro.com.

14. Click OK, then click Close.
15. Go to the command prompt and run iisreset to restart Internet services.
16. You should now be able to use the new host header and access the site with the new URL (e.g. http://sharepoint.seattlepro.com).
NOTE: If your Web site needs to be accessible from the Internet and you are using Microsoft ISA Server, or another firewall, you need to make sure that you update the DNS server and the ISA Server rule that allows you to access the Web site from the external network. For example, you need to add a host record for sharepoint.seattlepro.com in a DNS server that is accessible from the Internet and add the URL sharepoint.seattlepro.com on the Public Name tab of the ISA Server rule that is publishing the Web site.
Using Alernate Access Mapping to Configure a Different URL for Internal Use
If you want to use a different URL for the intranet site internally (e.g. http//intranet), you can add that URL in step 6. On the Alternate Access Mappings page, instead of clicking on Edit Public URLs, click on the link Add Internal URLs. In the Add Internal URL box type the URL that you want to add, e.g. http://intranet, then click Save. You still need to go to IIS Manager and in step 13 add a Site Binding for intranet. Your site bindings will look like this. Notice that you don’t need to type http:// in the Host Name box. Simply type the host header that you want to use (in our case its intranet).
Make sure you don’t forget step 15 after modifying the bindings. That’s it. Now your users can access the intranet site internally by typing http://intranet and externally by typing http://intranet.seattlepro.com.
This is one of many examples of how Alternate Access Mappings can be used in MOSS 2007. It demonstrates how the end user may type a different URL to access the site then the URL that is received by the Internet Information Services (IIS). With Alternate Access Mapping you can also associate multiple internal URLs with a single public URL, using one of 5 different authentication zones: Default, Intranet, Internet, Custom, and Extranet.
I am working on securing the entire network for one of my clients. I ran into this article on TechNet that targets the specific area of extranet and how you can best secure it. The article is full of valuable information for securing your extranet environment and is called Plan security hardening for extranet environments.
Part of the article discusses this extranet hardening tool that’s offered by Microsoft. It’s called Extranet hardening planning tool: back-to-back perimeter (http://go.microsoft.com/fwlink/?LinkId=85533&clcid=0×409).
The tool will help you figure out which ports are required for our ISA Server, routers and firewalls. This tool is a Microsoft Office Visio file that you can edit to customize for your own environment. For example, here are some things that you can do with this tool:
Contact E-mail | Terms of Use | Privacy Policy
Copyright ©2010 Zubair Alexander. All rights reserved.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jan | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
25 queries. 0.389 seconds