While trying to load Microsoft Office help files from any Office Application you receive the error: Request Error (invalid_request)

book

Article ID: 167744

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 

  • You have a coaching page enabled on the ProxySG (Notify User)
  • You cannot load the help pages from within Microsoft Office.
  • During loading of the help files, you are prompted to 'Accept' the notify page.
  • After accepting the Notify page, you are receiving the error message:  Request Error (invalid_request) Your request could not be processed. Either 'deny' or 'exception' was matched in policy. This could be caused by a mis-configuration, or possibly a malformed request.

After clicking Accept during the notify process, Microsoft Office loads a new web browser window. When this occurs, the "Referer" header is lost, which is required for the 'Notify User' process to complete successfully:

Failed HTTP request from Microsoft Office:

GET http://notify.bluecoat.com/accepted-NotifyUser2?http/office.microsoft.com/aHR0cDovL29mZmljZS5taWNyb3NvZnQuY29tL2NsaWVudC9oZWxwaG9tZS5hc3B4P05TPVdJTldPUkQmVkVSU0lPTj0xMiZMQ0lEPTEwMzMmU1lTTENJRD0yMDU3JlVJTENJRD0xMDMz HTTP/1.1
Accept: */*
Accept-Language: en-gb
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; M--RTC LM 8; .NET4.0C; .NET4.0E)
Host: notify.bluecoat.com
Proxy-Connection: Keep-Alive

Working HTTP request from a standard browser:

GET http://notify.bluecoat.com/accepted-NotifyUser2?http/office.microsoft.com/aHR0cDovL29mZmljZS5taWNyb3NvZnQuY29tL2NsaWVudC9oZWxwaG9tZS5hc3B4P05TPVdJTldPUkQmVkVSU0lPTj0xMiZMQ0lEPTEwMzMmU1lTTENJRD0yMDU3JlVJTENJRD0xMDMz HTTP/1.1
Host: notify.bluecoat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://notify.bluecoat.com/notify-NotifyUser2?http/office.microsoft.com/aHR0cDovL29mZmljZS5taWNyb3NvZnQuY29tL2NsaWVudC9oZWxwaG9tZS5hc3B4P05TPVdJTldPUkQmVkVSU0lPTj0xMiZMQ0lEPTEwMzMmU1lTTENJRD0yMDU3JlVJTENJRD0xMDMz

 

Resolution


Without this required referer header being passed by Microsoft Office to the new browser window, the coaching page will fail.

To resolve the issue, you must bypass the 'Notify user' rules for:  office.microsoft.com

Below is an example of what this should look like in your VPM:

 

The reason for setting Action to None is to stop the policy from affecting any other policies. 

When loading the Office help files, policy evaluation will match rule1, but not apply any decision making process. However, it will stop the evaluation from reaching the NotifyUser rule on line 2.

Attempting to bypass the Notify user by using a User-Agent instead will fail as the User-Agent changes during the loading process of the help files.

 

 

 

Attachments