_ _ __ __ _ _ _ | | (_)_ __ _ ___ _| \/ (_)_ __ __| | ___ __| | | | | | '_ \| | | \ \/ / |\/| | | '_ \ / _` |/ _ \/ _` | | |___| | | | | |_| |> <| | | | | | | | (_| | __/ (_| | |_____|_|_| |_|\__,_/_/\_\_| |_|_|_| |_|\__,_|\___|\__,_| |
| Home | Software | Mirrors | Writings | Dutch Power Cows | About | |
Writings |
---|
Workaround for the MS ISA 2004 SP2 issue with GZIP compressed content Update: This issue appears to have been fixed by: KB 916106: Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2 The original writeup follows below. Microsoft ISA 2004 has a problem with GZIP compressed content since SP2. I became aware of this issue when the cron-apt emails from my Debian systems at work contained: "Failed to fetch http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) [IP: 82.94.249.158 80]" If you experience this problem with any kind of GZIP compressed content from systems behind an MS ISA 2004 SP2 systems, disable the "Compression Filter" in the tab "Web Filters" in the ISA Add-ins section. Before disabling the "Compression Filter", a HEAD request to security.debian.org would return: abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 500 ( Not implemented ) Cache-Control: no-cache Connection: close Pragma: no-cache Via: 1.1 MS-ISA Content-Length: 1960 Content-Type: text/html Client-Date: Tue, 21 Feb 2006 09:54:41 GMT Client-Peer: 194.109.137.218:80 Client-Response-Num: 1 Proxy-Connection: closeBut after the "Compression Filter" is disabled, I get a positive response again: abydos:~# HEAD http://security.debian.org/dists/sarge/updates/main/binary-i386/Packages.gz 200 OK Connection: close Date: Tue, 21 Feb 2006 10:00:09 GMT Via: 1.1 MS-ISA Accept-Ranges: bytes ETag: "13cd69f-2e3aa-43f5d90a" Server: Apache/1.3.33 (Debian GNU/Linux) Content-Encoding: x-gzip Content-Length: 189354 Content-Type: text/plain; charset=iso-8859-1 Last-Modified: Fri, 17 Feb 2006 14:09:14 GMT Client-Date: Tue, 21 Feb 2006 10:00:08 GMT Client-Peer: 128.101.80.133:80 Client-Response-Num: 1 Keep-Alive: timeout=15, max=100 Proxy-Connection: closeUpdated: 2006-05-10 Written: 2006-02-21 |
Fortune: If you remove stricture from a large Perl program currently, you're just installing delayed bugs, whereas with this feature, you're installing an instant bug that's easily fixed. Whoopee. -- Larry Wall in <199710050130.SAA04762@wall.org> |