_     _                  __  __ _           _          _
 | |   (_)_ __  _   ___  _|  \/  (_)_ __   __| | ___  __| |
 | |   | | '_ \| | | \ \/ / |\/| | | '_ \ / _` |/ _ \/ _` |
 | |___| | | | | |_| |>  <| |  | | | | | | (_| |  __/ (_| |
 |_____|_|_| |_|\__,_/_/\_\_|  |_|_|_| |_|\__,_|\___|\__,_|
| Home | Software | Mirrors | Writings | Dutch Power Cows | About |

Writings

Workaround for the MS ISA 2004 SP2 issue with GZIP compressed content

Update: This issue appears to have been fixed by:
KB 916106: Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2
The original writeup follows below.

Microsoft ISA 2004 has a problem with GZIP compressed content since SP2.
I became aware of this issue when the cron-apt emails from my Debian systems at work contained:
"Failed to fetch http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) [IP: 82.94.249.158 80]"

If you experience this problem with any kind of GZIP compressed content from systems behind an MS ISA 2004 SP2 systems,
disable the "Compression Filter" in the tab "Web Filters" in the ISA Add-ins section.

Before disabling the "Compression Filter", a HEAD request to security.debian.org would return:
abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz
500 ( Not implemented  )
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Via: 1.1 MS-ISA
Content-Length: 1960
Content-Type: text/html
Client-Date: Tue, 21 Feb 2006 09:54:41 GMT
Client-Peer: 194.109.137.218:80
Client-Response-Num: 1
Proxy-Connection: close
But after the "Compression Filter" is disabled, I get a positive response again:
abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz
200 OK
Connection: close
Date: Tue, 21 Feb 2006 10:00:09 GMT
Via: 1.1 MS-ISA
Accept-Ranges: bytes
ETag: "13cd69f-2e3aa-43f5d90a"
Server: Apache/1.3.33 (Debian GNU/Linux)
Content-Encoding: x-gzip
Content-Length: 189354
Content-Type: text/plain; charset=iso-8859-1
Last-Modified: Fri, 17 Feb 2006 14:09:14 GMT
Client-Date: Tue, 21 Feb 2006 10:00:08 GMT
Client-Peer: 128.101.80.133:80
Client-Response-Num: 1
Keep-Alive: timeout=15, max=100
Proxy-Connection: close
Updated: 2006-05-10
Written: 2006-02-21


Fortune:

If you remove stricture from a large Perl program currently, you're just
installing delayed bugs, whereas with this feature, you're installing an
instant bug that's easily fixed.  Whoopee.
	-- Larry Wall in <199710050130.SAA04762@wall.org>