Publishing PRTG Network Monitor through TMG 2010

I encountered an issue where certain graphs would not display at all when accessing PRTG Network Monitor 8.4.1.2282 on the outside of a Microsoft TMG 2010 firewall, and an error would be displayed every minute or so when I was connected to the site. If I accessed the PRTG site on the inside of the firewall, all graphs were displayed fine and no errors were shown.

The error displayed in the web browser was:

From the TMG logs I could see some http traffic getting blocked and the following error recorded:

Blocked by the HTTP Security filter: URL normalization was not complete after one pass

Upon identifying the error, I figured that it was related to one of the HTTP filtering settings on the publishing rule that publishes the site through TMG. On the Traffic tab for the rule in TMG, select the Filtering -> Configure HTTP button to display the following page:

To fix the problem I turned off the Verify Normalization setting which changes the way TMG handles URLs with a lot of escaped characters such as % (which was heavily used in some of the PRTG Network Monitor web pages having problems).

A description of the Verify Normalization feature can be found on this page : http://technet.microsoft.com/en-us/library/cc302627.aspx

I assume this problem would exist on ISA 2004/2006 in addition to TMG 2010 as they all operate in a similar way.

This entry was posted in Microsoft Server. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>