Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lraaicfdb
Contributor
Jump to solution

Threat Emulation failure "Gzip exceeded maximum decompression ratio"

Hello everyone,
our security gateway is currently blocking Google pages from time to time. Threat emulation is stopping traffic with the error: HTTP parsing error occurred - Gzip exceeded maximum decompression ratio.

However, gzip is excluded in the Threat Emulation Blade. Can someone explain the error to me? What decompression ratio are we talking about here?

Thank you!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

gzip in Threat Emulation refers to files with .gz.
What this is referring to is the gzip compression that web servers sometimes do as part of the HTTP connection.

HTTP Parsing Errors are usually triggered by specific inspection settings.
There appears to be one for this:

image.png

I don't believe disabling this option is a good idea.
I would check with TAC here.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

gzip in Threat Emulation refers to files with .gz.
What this is referring to is the gzip compression that web servers sometimes do as part of the HTTP connection.

HTTP Parsing Errors are usually triggered by specific inspection settings.
There appears to be one for this:

image.png

I don't believe disabling this option is a good idea.
I would check with TAC here.

0 Kudos
lraaicfdb
Contributor

I waited a few days with my answer to test the change. Apparently, it was precisely the function that was causing the issue, but the "Inspect compressed HTTP traffic" option wasn't selected (for whatever reason). Since selecting the option and increasing the limit, the messages in log-Files have disappeared and the websites load perfectly. Thank you so much!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events