Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 1484 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Content Decoding failing in Unlayer through Sophos UTM

Markus Quirmbach

Hi Everyone!

Our development team uses Unlayer to bind pictures/images from one (source) website onto another (target) website via iframe. Unfortunately, Unlayer cannot work with source websites behind a Sophos UTM. Every other source works fine.

The source website is behind our Sophos UTM firewall and published through the WAF. Even if I deactivate all firewall profile features Unlayer is not working. But if I just create a DNAT rule from internet-https to webserver-https it starts working. As this negates all security features of the UTM this is no solution for us.

The error message we receive form Unlayer is "ERR_CONTENT_DECODING_FAILED". The Response Header shows "Content-Encoding: gzip". When I activate the DNAT rule the error is gone and there is no "Content Encoding" in the response headers. I hope this is not too confusing. ;)

Any ideas why this is happening and how to resolve this? Is there a workaround?

Thanks!



This thread was automatically locked due to age.
Parents

  • Hi Everyone!

    I finally received an answer from Sophos support. Their suggestion is also to simply deactivate compression support.

    They add the following:

    So the Compression feature is helpful in reducing the number of packets required to communicate or complete the session, the drawback is that it will required resources (RAM/CPU) for compression and decompression.

    Compression will only come into the picture, When clients request compressed data, the Firewall/Server then will send data in compressed form. 

    In some cases further compressing files may cause them to not work properly so disabling the option will give more proper communication. 

    There is no major effect on enabling or disabling the compression other than it save some bandwidth or in actual data required to load a site. If the client is having a very low bandwidth then only they fill the access is slow otherwise with the currently available bandwidths through ISP usually this won't affect much.

    As we are not facing any issues with deactivated compression so far, I think this solution works flawlessly.

    Thanks again you all!

    Best regards,

      Markus

Reply

  • Hi Everyone!

    I finally received an answer from Sophos support. Their suggestion is also to simply deactivate compression support.

    They add the following:

    So the Compression feature is helpful in reducing the number of packets required to communicate or complete the session, the drawback is that it will required resources (RAM/CPU) for compression and decompression.

    Compression will only come into the picture, When clients request compressed data, the Firewall/Server then will send data in compressed form. 

    In some cases further compressing files may cause them to not work properly so disabling the option will give more proper communication. 

    There is no major effect on enabling or disabling the compression other than it save some bandwidth or in actual data required to load a site. If the client is having a very low bandwidth then only they fill the access is slow otherwise with the currently available bandwidths through ISP usually this won't affect much.

    As we are not facing any issues with deactivated compression so far, I think this solution works flawlessly.

    Thanks again you all!

    Best regards,

      Markus

Children
No Data
Unfiltered HTML