Writings - Workaround for the MS ISA 2004 SP2 issue with GZIP compressed content

  _     _                  __  __ _           _          _
 | |   (_)_ __  _   ___  _|  \/  (_)_ __   __| | ___  __| |
 | |   | | '_ \| | | \ \/ / |\/| | | '_ \ / _` |/ _ \/ _` |
 | |___| | | | | |_| |>  <| |  | | | | | | (_| |  __/ (_| |
 |_____|_|_| |_|\__,_/_/\_\_|  |_|_|_| |_|\__,_|\___|\__,_|

Writings
Workaround for the MS ISA 2004 SP2 issue with GZIP compressed content Update: This issue appears to have been fixed by: KB 916106: Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2 The original writeup follows below. Microsoft ISA 2004 has a problem with GZIP compressed content since SP2. I became aware of this issue when the cron-apt emails from my Debian systems at work contained: "Failed to fetch http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) [IP: 82.94.249.158 80]" If you experience this problem with any kind of GZIP compressed content from systems behind an MS ISA 2004 SP2 systems, disable the "Compression Filter" in the tab "Web Filters" in the ISA Add-ins section. Before disabling the "Compression Filter", a HEAD request to security.debian.org would return: abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) Cache-Control: no-cache Connection: close Pragma: no-cache Via: 1.1 MS-ISA Content-Length: 1960 Content-Type: text/html Client-Date: Tue, 21 Feb 2006 09:54:41 GMT Client-Peer: 194.109.137.218:80 Client-Response-Num: 1 Proxy-Connection: close But after the "Compression Filter" is disabled, I get a positive response again: abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 200 OK Connection: close Date: Tue, 21 Feb 2006 10:00:09 GMT Via: 1.1 MS-ISA Accept-Ranges: bytes ETag: "13cd69f-2e3aa-43f5d90a" Server: Apache/1.3.33 (Debian GNU/Linux) Content-Encoding: x-gzip Content-Length: 189354 Content-Type: text/plain; charset=iso-8859-1 Last-Modified: Fri, 17 Feb 2006 14:09:14 GMT Client-Date: Tue, 21 Feb 2006 10:00:08 GMT Client-Peer: 128.101.80.133:80 Client-Response-Num: 1 Keep-Alive: timeout=15, max=100 Proxy-Connection: close _{Updated: 2006-05-10} _{Written: 2006-02-21}

Writings

Workaround for the MS ISA 2004 SP2 issue with GZIP compressed content

Update: This issue appears to have been fixed by:
KB 916106: Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2
The original writeup follows below.

Microsoft ISA 2004 has a problem with GZIP compressed content since SP2.
I became aware of this issue when the cron-apt emails from my Debian systems at work contained:
"Failed to fetch http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) [IP: 82.94.249.158 80]"

If you experience this problem with any kind of GZIP compressed content from systems behind an MS ISA 2004 SP2 systems,
disable the "Compression Filter" in the tab "Web Filters" in the ISA Add-ins section.

Before disabling the "Compression Filter", a HEAD request to security.debian.org would return:

abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz
500 ( Not implemented  )
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Via: 1.1 MS-ISA
Content-Length: 1960
Content-Type: text/html
Client-Date: Tue, 21 Feb 2006 09:54:41 GMT
Client-Peer: 194.109.137.218:80
Client-Response-Num: 1
Proxy-Connection: close

But after the "Compression Filter" is disabled, I get a positive response again:

abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz
200 OK
Connection: close
Date: Tue, 21 Feb 2006 10:00:09 GMT
Via: 1.1 MS-ISA
Accept-Ranges: bytes
ETag: "13cd69f-2e3aa-43f5d90a"
Server: Apache/1.3.33 (Debian GNU/Linux)
Content-Encoding: x-gzip
Content-Length: 189354
Content-Type: text/plain; charset=iso-8859-1
Last-Modified: Fri, 17 Feb 2006 14:09:14 GMT
Client-Date: Tue, 21 Feb 2006 10:00:08 GMT
Client-Peer: 128.101.80.133:80
Client-Response-Num: 1
Keep-Alive: timeout=15, max=100
Proxy-Connection: close

_{Updated: 2006-05-10}
_{Written: 2006-02-21}

Fortune:

As pointed out in a followup, Real Perl Programmers prefer things to be
visually distinct.
	-- Larry Wall in <199710161841.LAA13208@wall.org>