This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lraaicfdb
Contributor
Tuesday
Jump to solution

Threat Emulation failure "Gzip exceeded maximum decompression ratio"

Hello everyone,
our security gateway is currently blocking Google pages from time to time. Threat emulation is stopping traffic with the error: HTTP parsing error occurred - Gzip exceeded maximum decompression ratio.

However, gzip is excluded in the Threat Emulation Blade. Can someone explain the error to me? What decompression ratio are we talking about here?

Thank you!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Tuesday
Jump to solution

gzip in Threat Emulation refers to files with .gz.
What this is referring to is the gzip compression that web servers sometimes do as part of the HTTP connection.

HTTP Parsing Errors are usually triggered by specific inspection settings.
There appears to be one for this:

image.png

I don't believe disabling this option is a good idea.
I would check with TAC here.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
Tuesday
Jump to solution

gzip in Threat Emulation refers to files with .gz.
What this is referring to is the gzip compression that web servers sometimes do as part of the HTTP connection.

HTTP Parsing Errors are usually triggered by specific inspection settings.
There appears to be one for this:

image.png

I don't believe disabling this option is a good idea.
I would check with TAC here.

0 Kudos
lraaicfdb
Contributor
7m ago
In response to PhoneBoy
Jump to solution

I waited a few days with my answer to test the change. Apparently, it was precisely the function that was causing the issue, but the "Inspect compressed HTTP traffic" option wasn't selected (for whatever reason). Since selecting the option and increasing the limit, the messages in log-Files have disappeared and the websites load perfectly. Thank you so much!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events