Unable to access HTTPS or HTTP pages after upgrading to SGOS 220.127.116.11, 18.104.22.168, or 22.214.171.124
After upgrading to 126.96.36.199, 188.8.131.52, or 184.108.40.206, you are unable to access HTTPS or HTTP
Policy trace shows: EXCEPTION(content_encoding_error): Unknown content encoding
PCAP shows no response from the proxy, or a FIN/ACK after the SSL 'client hello'
Results may vary depending on policy conditions and deployment type, but essentially if you see 'content_encoding_error' in a policy trace while accessing HTTPS or HTTP pages or applications which use HTTPS or HTTP, this KB discusses the cause and resolution.
A new bug has been introduce in 220.127.116.11, 18.104.22.168, or 22.214.171.124 in relation to using the following CPL policy condition/actions:
http.response.apparent_data_type=(executable,cabinet), detect_protocol(none), or detect_protocol.ssl(no)
If you are using this policy in an explicit deployment under 126.96.36.199, 188.8.131.52, or 184.108.40.206, then HTTPS or HTTP pages may be inaccessible.
This policy is also automatically created when enabling 'Malware scanning' under:
Configuration--> Threat Protection --> Malware scanning.
Possible work-arounds to the problem are:
1) Upgrade to SGOS 220.127.116.11
1) Remove any apparent data type policies
2) Disable Malware scanning
3) Revert back to a previous version of SGOS
4) Enable protocol detection for affected sites (sites that require protocol detection to be disabled may still fail)
This has been raised internally under bug :
Bug 175814 - cannot access HTTPS sites with http.response.apparent_data_type policy under explicit deployment.
This bug has been fixed and is expected to be included in the next GA release of each affected SGOS branch (no ETA at this time).
Rate this Page
Please take a moment to complete this form to help us better serve you.