Wednesday, 11 June 2008

HTTP Filter Settings for Microsoft Office SharePoint Server (MOSS) 2007

Following on from the HTTP Filter Settings for Microsoft Exchange Server 2007 blog entry it is possible to apply the same theory to other web-based applications. A common example for this is Microsoft Office SharePoint Server (MOSS) 2007 which can benefit from the same HTTP filter security advantages as Exchange 2007 when published behind ISA Server.

Again, by looking at the the policies defined within the default application optimisers of Microsoft Intelligent Application Gateway 2007 (which are supported) it is possible to determine that the following HTTP methods allow list should be sufficient for correct MOSS 2007 operation:

  • PROPFIND
  • OPTIONS
  • HEAD
  • POST
  • GET

Based upon the parameters defined in the above allow list, it is therefore possible to define a HTTPFilterConfig XML policy as follows:

MOSS HTTP Filter XML Policy

<Configuration BlockExecutables="false" ViaHeaderAction="0" NewViaHeaderValue="" ServerHeaderAction="0" NewServerHeaderValue="" MaxRequestBodyLen="-1"><UrlValidation NormalizeBeforeScan="true" VerifyNormalization="false" AllowHighBitCharacters="true" BlockDotInPath="false" MaxLength="10240" MaxQueryLength="10240"><Extensions AllowCondition="0"></Extensions></UrlValidation><Verbs AllowCondition="1">tion=""/><Verb Value="PROPFIND" Description=""/><Verb Value="OPTIONS" Description=""/><Verb Value="HEAD" Description=""/><Verb Value="POST" Description=""/><Verb Value="GET" Description=""/></Verbs><RequestHeaders/><ResponseHeaders/><DeniedSignatures></DeniedSignatures></Configuration>

You simply need to copy and paste the above text into notepad and save the file as MOSS2007Policy.xml or something similarly descriptive.

Once applied (using the same HTTPFilterConfig.vbs script as described
previously) the HTTP filter configuration can be viewed by right-clicking on the respective firewall policy rule defined during the HTTPFilterConfig import and selecting the Configure HTTP option. If imported correctly, you should see the following:

HTTP Methods for MOSS 2007


Keep posted for further articles on troubleshooting the HTTP Filter, once it has been configured...

1 comment:

  1. I been searching for http filtering and then google brought me to your site. Thanks for this information I will bookmark your site and visit it from time to time.

    ReplyDelete