This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Gzip compressed JSON data HTTP delivery and decompression issue

One of our client is using Sophos Security software. They are experiencing a peculiar issue with our web applications. Our static web application is deployed on a server but a few JSON format data file arrives from an external AWS S3 bucket. The JSON files are GZIP encoded.

The Metadata properties of these gzipped json files are set the following way:
- Content-Encoding : gzip
- Content-Type : application/json

The bucket's CORS policy is set properly.

Interestingly, the json.gzip arrives and don't get rejected (HTTP 200). The problem is definitely with the decompression of the gzip. As I tested (without Sophos) every standard browser decompress the json.gzip correctly and the applications are working.

Is there any additional heading I can add to the S3 bucket files so Sophos will decompress correctly or it is something needs to be configured on Sophos?

Their Sophos versions:
Core Agent : 2.19.7
Endpoint Advanced 10.8.11.1
Sophos Intercept X 2.0.21

This thread was automatically locked due to age.

0 RichardP over 2 years ago

Hi Boti,

There isn't enough information to properly answer this - I would need to see the settings on the Endpoint. However, the mostly likely issue is with the Download Protection policy element. This is what tells the scanner to scan items downloaded through a browser.

They can test this by disabling the policy element and seeing if the extraction works - if it does, there can be exclusions they can add to allow the download.

Sincerely,

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel