Solutions

Unable to access HTTPS or HTTP pages after upgrading to SGOS 5.5.9.1, 6.2.8.1, or 6.2.9.1

Solutions ID:    KB5071
Version:    7.0
Status:    Published
Published date:    04/19/2012
Updated:    09/17/2012
 

Problem Description

After upgrading to 5.5.9.1, 6.2.8.1, or 6.2.9.1, you are unable to access HTTPS or HTTP

Policy trace shows: EXCEPTION(content_encoding_error): Unknown content encoding

PCAP shows no response from the proxy, or a FIN/ACK after the SSL 'client hello'

Results may vary depending on policy conditions and deployment type, but essentially if you see 'content_encoding_error' in a policy trace while accessing HTTPS or HTTP pages or applications which use HTTPS or HTTP, this KB discusses the cause and resolution.

Resolution

A new bug has been introduce in 5.5.9.1, 6.2.8.1, or 6.2.9.1 in relation to using the following CPL policy condition/actions:

http.response.apparent_data_type=(executable,cabinet), detect_protocol(none), or detect_protocol.ssl(no)

If you are using this policy in an explicit deployment under 5.5.9.1, 6.2.8.1, or 6.2.9.1, then HTTPS or HTTP pages may be inaccessible.

 

This policy is also automatically created when enabling 'Malware scanning' under:

Configuration--> Threat Protection --> Malware scanning.

 

Possible work-arounds to the problem are:

1) Upgrade to SGOS 6.2.10.1

1) Remove any apparent data type policies

2) Disable Malware scanning

3) Revert back to a previous version of SGOS 

4) Enable protocol detection for affected sites (sites that require protocol detection to be disabled may still fail)

This has been raised internally under bug :

Bug 175814 - cannot access HTTPS sites with http.response.apparent_data_type policy under explicit deployment.

This bug has been fixed and is expected to be included in the next GA release of each affected SGOS branch (no ETA at this time).

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question