Problem: |
When IWSS is used as the HTTP proxy, access to websites is blocked and the Corrupted_Zip_File error appears even if compressed files are not being downloaded.
|
| |
Solution: |
|
Some Web-servers compress the requested content (HTML, images, etc) using the GZIP-algorithm to decrease the amount of traffic. If such content is sent in multiple chunks, and VSAPI only has one chunk, it will exit with an error indicating that the archive is corrupted (CORRUPTED_ZIP_ERROR). The web browsers can handle that as they are rebuilding it in there cache space on their side. To avoid such situations, IWSS 3.0 and 3.1 include a new feature that modifies the Accept-Encoding header of the HTTP request to exclude GZIP from the supported encodings. This feature is controlled in the intscan.ini file by the [http]/ disallow_gzip_encoding parameter and is enabled by default (yes). | | | 1. | Please make sure that the parameter "disallow_gzip_encoding" is set to "yes". | | If you change the value, you will have to restart the http daemon for the change to take effect. Use the following commands: | | | /opt/trend/iwss/bin/S99ISproxy stop | | | /opt/trend/iwss/bin/S99ISproxy start | | | 2. | If you are using an ICAP implementation as well (like squid, ISA, etc..), you will have to change your ICAP client settings to "don’t send the header Accept-Encoding: gzip". | | This will reduce the instances of the contents being blocked and may increase bandwidth usage. Some web servers may ignore this setting and still return the compressed content. |
|
|