
Welcome to ISAserver.org


How to enable GZIP compression

How to enable GZIP compression - 30.Nov.2004 5:11:00 AM   
jmunyan

 

Posts: 803
Joined: 3.Feb.2001
From: Seattle, WA
Status: offline
Hi, I have moved from ISA 2000 to 2k4 and have noticed that now my formerly compressed web content is now reported as not being compressed. Does anyone know how to enable GZIPed content to pass ISA without being uncompressed?

Thanks,

John
Post #: 1
RE: How to enable GZIP compression - 1.Dec.2004 8:18:00 AM   
jmunyan

 

Hey everyone, I figured out a workaround for the ISA 2004 block on the GZIP encoding header problem. This isn't very secure I suppose, but it does meet the bar of getting gzip encoding through the firewall. You need to create a new rule and manually create a 'new protocol' and specify '80 in' no secondary. Then publish as normal. This bypasses the webfilter, which appears to be responsible for stripping the header. One would lose the 'application level security' Microsoft is touting, but the result is GZIP will work!

Hey MS you listening? This should be a user configurable setting! You go through all the pain of letting users manipulate headers, why not allow a person to decide to use gzip compression??? It isn't like this is an important selling point for IIS, or anything built on it is it? Yes, it is, see tryiis.com (ms property), for the reasons to switch, which I presume implies not if you are using an MS firewall. Fix this!

Cheers,

John

(in reply to jmunyan)
Post #: 2
RE: How to enable GZIP compression - 1.Dec.2004 12:10:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi John,

You identified the problem and the solution. In order to allow compression, you have to whack security. [Frown]

They're aware of it and hopefully I won't have to choose between security and speed in the future. Right now, I'm choosing security.

Thanks!
Tom

(in reply to jmunyan)
Post #: 3
RE: How to enable GZIP compression - 2.Dec.2004 3:42:00 AM   
jmunyan

 

I would expect nothing less from you. [Smile] Still it is funny that in ISA 2k I had to give up on 'security' to get the source IP address to my webserver, and now have to give up 'security' to get compression to work.

Will I ever be able to use the webfilter? [Confused]

(in reply to jmunyan)
Post #: 4
RE: How to enable GZIP compression - 25.Dec.2004 2:57:00 PM   
Guest
You can have your cake and eat it too.

The reason why the webserver doesn't compress is that it never receives the accept-encoding header, and assumes the browser doesn't support compression.

So far I believe we both agree, but your assumption about why this happens is a little bit off: "...the webfilter, which appears to be responsible for stripping the header."

The actual reason: SendAcceptEncodingHeader is set to False by default for a new rule.

Setting it to True lets it through. There's no checkbox for this in ISA 2004 admin, but there's nothing mysterious about it. It is properly documented in the ISA 2004 DOM on MSDN, and the below script is an example of how to set it.

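' Name of the Web publishing rule, passed as the first command-line argument
ruleName = WScript.Arguments(0)
' Connect to the ISA Server administration COM root object
Set FW = CreateObject("FPC.Root")
' Look up the rule by name in the array policy
Set myRule = FW.GetContainingArray.ArrayPolicy.PolicyRules.Item(ruleName)
' Forward the client's original Accept-Encoding header to the published server
myRule.WebPublishingProperties.SendAcceptEncodingHeader = True
' Persist the change
myRule.Save
WScript.Echo "Settings changed for " & ruleName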

Run it from the command line:
WScript yourScriptName.vbs yourRule

In addition to this, to enable compression during https, you probably have to uncheck Block high bit and verify normalization under configure HTTP. You don't have to disable any filter.

As pointed out earlier by Mr Shinder, if you compress you cannot inspect - but most of us probably don't need to inspect outgoing information in a regular web publishing scenario anyway.

Credits: A hint by an MS guy that works with ISA 2004. Of course they know, and of course ISA 2004 is secure.

Personally, I think ISA 2004 is amazing. I have never used software that has made so much difference for me in so short a time.

Joe

(in reply to jmunyan)
  Post #: 5
RE: How to enable GZIP compression - 25.Dec.2004 4:34:00 PM   
jmunyan

 

I am a little confused: when I created my rule which does not use the web filter, the gzip accept header is not altered. Thus leading me to suspect it is the web filter which is doing the stripping... Can you elaborate?

Also, with the suggested solution, what is the impact on clients who cannot accept gzip encoding, such as google bot? It looks like the above code sets gzip accept to all requests even though the client may not be able to receive compressed content. Could you elaborate?

Thanks, much appreciate you leveraging the mcs guys on this. Still, I have my doubts about this being a valid work around...

John

(in reply to jmunyan)
Post #: 6
RE: How to enable GZIP compression - 26.Dec.2004 12:58:00 AM   
Guest
John, I'm afraid you misunderstand. Seems like you mix parameter and value. What we do here is to allow a parameter/value to be let through - we are NOT touching the value at all. It is not an accept-encoding parameter that is set to True or False. The value for the accept-Encoding header is "gzip, deflate" from most browsers. What we do is to set a parameter in ISA 2004 that decides whether a certain header is forwarded to the webserver or not.

This is NOT a workaround, ok? It's healthy to have doubts, but I pointed you to MSDN, which explains it very clearly:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isasdk/isa/fpcwebpublishingproperties_sendacceptencodingheader.asp

I quote:

SendAcceptEncodingHeader

Boolean value that indicates whether ISA Server sends the original Accept-Encoding header received from the client to the published server.

This property is read/write. Its default value is False for an ordinary Web publishing rule and True for an Outlook Web Access publishing rule created using the Mail Publishing Rule Wizard.

If a Web publishing rule allows the ISA Server computer to forward Accept-Encoding headers from clients to a Web server and a client sends an Accept-Encoding header indicating that it will accept compressed content, the Web server may send a compressed response (as indicated by its Content-Encoding header), which will be accepted by the ISA Server computer and forwarded to the client. However, the ISA Server computer will not cache the compressed content.

If a Web publishing rule instructs the ISA Server computer to delete all Accept-Encoding headers from requests sent to the Web server (the default setting) and the Web server nevertheless sends a compressed response, the ISA Server computer will not forward the response to the client.
=============

I don't know why it's False as default for Web publishing rules, and True for mail publishing rules, or why there isn't simply a checkbox for sending accept-encoding header like there is a checkbox for sending original host header (but don't care since I know how to deal with it). I certainly don't see any security risks from letting the accept-encoding header through - if I don't want to compress any content I simply don't enable it on the webserver and the header has no meaning.

You should probably read through the administration COM reference for ISA 2004 on MSDN (I called it DOM because I'm used to the WebBrowser/HTML DOM that makes me spend hours and hours on MSDN whenever I need to do some new stuff with IE). Gives you good insight into available parameters and what they do. As you can see from the above quote, the description of this particular parameter is actually very good.

Joe

(in reply to jmunyan)
  Post #: 7
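The forwarding behaviour in the MSDN text quoted above, modelled as an added example (not part of the original thread and not ISA Server code), including the case of a client that sends no Accept-Encoding header. The function names, the sample body and the `always_compress` switch are assumptions made for illustration, and a response that is not forwarded is represented as `None`.

```python
import gzip

BODY = b"<html>" + b"constructed sample page " * 40 + b"</html>"  # constructed input

def accepts_gzip(accept_encoding):
    """True if an Accept-Encoding value lists gzip with a non-zero q-value."""
    for item in (accept_encoding or "").split(","):
        name, _, params = item.strip().partition(";")
        if name.strip().lower() not in ("gzip", "x-gzip"):
            continue
        q = 1.0
        for param in params.split(";"):
            key, _, value = param.strip().partition("=")
            if key.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        return q > 0
    return False

def origin(request_headers, always_compress=False):
    """Toy web server: compresses only if the request it receives allows gzip."""
    if always_compress or accepts_gzip(request_headers.get("Accept-Encoding")):
        return {"Content-Encoding": "gzip"}, gzip.compress(BODY)
    return {}, BODY

def publish(client_headers, send_accept_encoding, always_compress=False):
    """Model of one publishing rule: (headers, body), or None if not forwarded."""
    forwarded = dict(client_headers)
    if not send_accept_encoding:
        forwarded.pop("Accept-Encoding", None)  # default: header deleted
    headers, body = origin(forwarded, always_compress)
    if "Content-Encoding" in headers and not send_accept_encoding:
        return None  # compressed reply to a stripped request is not forwarded
    return headers, body

def summarize(result):
    if result is None:
        return "not forwarded"
    headers, body = result
    return "%s, %d bytes" % (headers.get("Content-Encoding", "identity"), len(body))

if __name__ == "__main__":
    browser, crawler = {"Accept-Encoding": "gzip, deflate"}, {}
    print("default rule, browser:   ", summarize(publish(browser, False)))
    print("flag True, browser:      ", summarize(publish(browser, True)))
    print("flag True, no A-E header:", summarize(publish(crawler, True)))
    print("default rule, server always compresses:",
          summarize(publish(browser, False, always_compress=True)))
```
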
RE: How to enable GZIP compression - 26.Dec.2004 7:59:00 AM   
jmunyan

 

Just tried it out and it seems to work; good find! [Smile] You should take this and the https enabling script and make it a lesson in the learning section. I think there are quite a few people after this solution... Really strange someone inside ms didn't make enabling this function more public - think a means to enable this slipped by the best of us. Thanks for the clues Joe, you should really write up a quick tutorial for this one...

Gotta tell you seems odd to me, that it is the rule itself which is stripping out the gzip header, seemed like something the webfilter would be doing - especially given how I got it working. So what exactly is the webfilter doing, if not this type of thing? Seems like this would all be parameters passed into it...

Any thoughts?

Thanks,

John

(in reply to jmunyan)
Post #: 8
RE: How to enable GZIP compression - 26.Dec.2004 10:54:00 AM   
Guest
"I think there are quite a few people after this solution..."

Feel free to explain it to them, or make a tutorial or put it in a book, or... I think anybody with IIS6 and ISA 2004 would want to use the built-in IIS6 compression instead of paying $1000 for an ISA 2004 compression program (which is not commercially available yet anyway). The advantage the 3rd-party developers have is that they can cache the compressed content, but most of what people do from IIS6 is dynamic content anyway, which you probably don't want to cache.

"So what exactly is the webfilter doing, if not this type of thing? Seems like this would all be parameters passed into it..."

Your "webfilter" is like any other filter you put on ISA - it can inspect and modify pretty much everything that is sent. This way you can make filters that remove malicious content, headers you don't want to forward, etc. It was not wrong of you to make the assumption you made. The problem could very well have been inside the http filter (or another filter for that matter). In order to rule out that possibility I simply turned off all the filters without seeing any difference - and then started looking elsewhere.

Joe

(in reply to jmunyan)
  Post #: 9
RE: How to enable GZIP compression - 26.Dec.2004 6:51:00 PM   
tshinder

 

quote:
Originally posted by <my2cents>:
You can have your cake and eat it too.

The reason why the webserver doesn't compress is that it never receives the accept-encoding header, and assumes the browser doesn't support compression.

So far I believe we both agree, but your assumption about why this happens is a little bit off: "...the webfilter, which appears to be responsible for stripping the header."

The actual reason: SendAcceptEncodingHeader is set to False by default for a new rule.

Setting it to True lets it through. There's no checkbox for this in ISA 2004 admin, but there's nothing mysterious about it. It is properly documented in the ISA 2004 DOM on MSDN, and the below script is an example of how to set it.

ruleName = WScript.Arguments(0)
Set FW = CreateObject ("FPC.Root")
Set myRule = FW.GetContainingArray.ArrayPolicy.PolicyRules.Item (ruleName)
myRule.WebPublishingProperties.SendAcceptEncodingHeader = True
myRule.Save
WScript.Echo "Settings changed for " & ruleName

Run it from the command line:
WScript yourScriptName.vbs yourRule

In addition to this, to enable compression during https, you probably have to uncheck Block high bit and verify normalization under configure HTTP. You don't have to disable any filter.

As pointed out earlier by Mr Shinder, if you compress you cannot inspect - but most of us probably don't need to inspect outgoing information in a regular web publishing scenario anyway.

Credits: A hint by an MS guy that works with ISA 2004. Of course they know, and of course ISA 2004 is secure.

Personally, I think ISA 2004 is amazing. I have never used software that has made so much difference for me in so short a time.

Joe

Hi Joe,

Great info! But I do prefer to inspect outbound for enhanced security. For those who don't want to inspect outbound, this is a fantastic find!

Thanks!
Tom

(in reply to jmunyan)
Post #: 10
