Consider the scenario:

1.       IE 7.0 is configured as a Web Proxy client.

2.       IE 7.0 accesses an FTP site through ISA Server 2004 or ISA Server 2006 Web Proxy.

3.       The FTP url contains user credentials to authenticate to the FTP site.

 

Under this scenario, the FTP request may fail if the credentials contain characters which need encoding. For example, the less-than sign (<) is encoded as %3c.

IE 7.0 may use double encoding, thus converting the less-than sign to %253c. ISA Server cannot handle this encoding scheme when authenticating to a FTP server.

 

There are three different workarounds which can be applied to solve this problem:

 

1.       Do not use special characters in the FTP username or password that are double encoded by IE 7.0.

2.       Access FTP from SecureNAT or Firewall Client instead of through Web Proxy.

3.       Install the IE 7.0 hotfix from http://support.microsoft.com/kb/932562/en-us . With this hotfix IE 7.0 will not use double encode.

 

Thanks to Steve Frode Nabseth for helping with this.

 

Doron Juster

ISA Server sustained engineering group.