Don't Use Google for ISA Health Checks

Thursday, August 30, 2007
Have you or your users run across the following lately when accessing Google?

403 Forbidden

Google

We're sorry......

but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected. We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.

The trouble may not be a virus or spyware, it may be your ISA server. One of the features that ISA server offers is HTTP health checks. This allows you to configure a web address that ISA will access on a regular basis and alert you if the response time exceeds the configured threshold.

Google must be getting hit hard with spybots that frequently hit their network. They've taken steps to monitor repetitive access to the same page from a single source IP. When they detect this, they serve up the page above with something akin to CAPTCHA to ensure that a real human is accessing Google and allow you to continue your search.

If this is happening to you, it may be because you've configured your health checks to target Google. Reconfigure your proxy server's HTTP health checks to use another site.