Thread Info
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 2697 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Content Decoding failing in Unlayer through Sophos UTM

Markus Quirmbach

Hi Everyone!

Our development team uses Unlayer to bind pictures/images from one (source) website onto another (target) website via iframe. Unfortunately, Unlayer cannot work with source websites behind a Sophos UTM. Every other source works fine.

The source website is behind our Sophos UTM firewall and published through the WAF. Even if I deactivate all firewall profile features Unlayer is not working. But if I just create a DNAT rule from internet-https to webserver-https it starts working. As this negates all security features of the UTM this is no solution for us.

The error message we receive form Unlayer is "ERR_CONTENT_DECODING_FAILED". The Response Header shows "Content-Encoding: gzip". When I activate the DNAT rule the error is gone and there is no "Content Encoding" in the response headers. I hope this is not too confusing. ;)

Any ideas why this is happening and how to resolve this? Is there a workaround?

Thanks!



This thread was automatically locked due to age.

  • Hallo Markus,

    I don't recall seeing this issue here before, so I bet you'll need to open a support case with Sophos.  Whe you get the answer, please post it back here for others to learn.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Hello Bob,

    ok, thanks. I opened a support case and will report back here when I have an answer. Slight smile

    Markus

  • Hello Markus.

    You could try disabling compression support for the specific WAF virtual webserver if enabled:

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • in reply to ThomW

    Hello Thom,

    mhm, yeah, I could test that. But wouldn't this significantly slow down the speed of the website? Or is it barely noticeable?
    Anyway, I'll give it a try later.
    Thanks!

    Markus

  • in reply to Markus Quirmbach

    Well Markus.

    To be honest - I never tested and think it depends on the application. So I think you have to test it.

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.

  • Hi!

    So we tested the option "Dissable compression support" and it seems to work! The error in Unlayer is gone. Slight smile

    @Thomw Thanks for the suggestion. We will monitor it for a couple of days if we see any negative impact. So far the websites don't seem to be loaded any slower. If we find something I will reply back.

    @BAlfson I will keep open the support case with Sophos. Maybe they have an alternative or can tell me why the compression support is causing issues here. Anyway, I have not yet talked to a Sophos technician. I will reply if I have any news here.

    Thanks to all!

      Markus

  • in reply to Markus Quirmbach

    In general, I don't use compression.  I've seen situations where the additional load on the CPU actually reduces throughput.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Hi Everyone!

    I finally received an answer from Sophos support. Their suggestion is also to simply deactivate compression support.

    They add the following:

    So the Compression feature is helpful in reducing the number of packets required to communicate or complete the session, the drawback is that it will required resources (RAM/CPU) for compression and decompression.

    Compression will only come into the picture, When clients request compressed data, the Firewall/Server then will send data in compressed form. 

    In some cases further compressing files may cause them to not work properly so disabling the option will give more proper communication. 

    There is no major effect on enabling or disabling the compression other than it save some bandwidth or in actual data required to load a site. If the client is having a very low bandwidth then only they fill the access is slow otherwise with the currently available bandwidths through ISP usually this won't affect much.

    As we are not facing any issues with deactivated compression so far, I think this solution works flawlessly.

    Thanks again you all!

    Best regards,

      Markus

Unfiltered HTML