Brotli is a compression algorithm from Google (http://google-opensource.blogspot.ca/2015/09/introducing-brotli-new-compression.html). Prior to version 7.1.x, the Edge SWG (ProxySG) appliance did not support this content-encoding; thus, features such as transformation of HTTP/S content, virus scanning, and apparent data type did not work (the appliance was not able to compress/decompress such content). If you have a pre-7.x deployment using these features are used and Brotli is detected, refer to the Workaround section.

For details on Brotli support in SGOS 7.1.x, refer to the SGOS 7.1.x Administration Guide and Content Policy Language Reference.

Workaround

Use the following policy as a workaround in SGOS 6.x:

define action remove_brotli
    iterate(request.header.Accept-Encoding)
        iterator.exact = "br" iterator.delete()
    end
end

<Proxy>
    action.remove_brotli(yes)

Clients advertise their content encoding handling capability using the "Accept-Encoding" header. This policy will remove "br" (Brotli encoding") from the list of encodings supported by the user-agent/browser so that the server is not aware of this capability and doesn't use it.

Note: The "remove_brotli" action can be conditioned on other factors such as url domain etc. as appropriate.

Note: Since version SGOS 7.1.1.1 Brotli Encoding Support has been added so above workaround is no longer needed. Please make sure the code is removed to avoid any unexpected proxy behavior.


After applying the policy, a well-behaved server should not send "Brotli" content encoding, but if a broken/bad server still sends "Brotli" content, the ICAP server may not be able to properly inspect the content. To prevent this, you can apply the following policy, which will deny the traffic after it has detected "Brotli" content in the response. The "deny" can be replaced by any suitable custom exception.

<proxy>
    response.header.Content-Encoding.exact = "br" deny