Brotli ("br") content-encoding support on the ProxySG appliance
Last Updated July 09, 2019
Brotli is a compression algorithm from Google (http://google-opensource.blogspot.ca/2015/09/introducing-brotli-new-compression.html). Prior to version 7.1.x, the ProxySG appliance did not support this content-encoding; thus, features such as transformation of HTTP/S content, virus scanning, and apparent data type did not work (the appliance was not able to compress/decompress such content). If you have a pre-7.x deployment that uses these features and Brotli is detected, refer to the Workaround section.
For details on Brotli support in SGOS 7.1.x, refer to the SGOS 7.1.x Administration Guide and Content Policy Language Reference.
Use the following policy as a workaround in SGOS 6.x:
define action remove_brotli
    iterate(request.header.Accept-Encoding)
        iterator.exact = "br" iterator.delete()
    end
end
Clients advertise the content encodings they can handle in the "Accept-Encoding" request header. This policy removes "br" (Brotli encoding) from the list of encodings supported by the user-agent/browser, so that the server is not aware of this capability and doesn't use it.
Note: The "remove_brotli" action can be conditioned on other factors, such as URL domain, as appropriate.
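The header rewrite described above, modeled as an added Python example (not ProxySG or Symantec code) so its effect can be checked against sample header values, including the case where a "*" wildcard still lets a server choose Brotli. The function names are hypothetical, the header values are constructed, and removing "br" entries that carry a q-value is an assumption of this model; the page does not state how iterator.exact treats them.

```python
# Added illustration: models HTTP header semantics (RFC 7231), not ProxySG internals.

def parse_codings(value):
    """Split an Accept-Encoding / Content-Encoding value into (coding, q) pairs."""
    out = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, _, params = item.partition(";")
        q = 1.0  # default weight when no q parameter is given
        for p in params.split(";"):
            k, _, v = p.strip().partition("=")
            if k.strip().lower() == "q":
                try:
                    q = float(v.strip())
                except ValueError:
                    q = 0.0  # treat a malformed weight as "not acceptable"
        out.append((name.strip().lower(), q))
    return out

def strip_brotli(accept_encoding):
    """Return the header value with every 'br' entry removed (assumption: any q-value)."""
    kept = []
    for item in accept_encoding.split(","):
        if item.strip() and item.partition(";")[0].strip().lower() != "br":
            kept.append(item.strip())
    return ", ".join(kept)

def still_permits_brotli(accept_encoding):
    """True if a server may still pick br: explicit br, or '*', with q > 0."""
    codings = dict(parse_codings(accept_encoding))
    if "br" in codings:
        return codings["br"] > 0
    return codings.get("*", 0.0) > 0

def response_is_brotli(content_encoding):
    """True if any content-coding applied to the response is br."""
    return any(name == "br" for name, _ in parse_codings(content_encoding or ""))

if __name__ == "__main__":
    # Constructed sample request headers, not captured traffic.
    for sample in ["gzip, deflate, br", "br;q=1.0, gzip;q=0.8, *;q=0.1", "br"]:
        rewritten = strip_brotli(sample)
        print(repr(sample), "->", repr(rewritten),
              "| br still permitted:", still_permits_brotli(rewritten))
```

A rewritten value that still contains "*" with a non-zero weight does not rule out a Brotli response, so checking Content-Encoding on the response remains necessary.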
After applying the policy, a well-behaved server should not send "Brotli" content encoding, but if a broken/bad server still sends "Brotli" content, the ICAP server may not be able to properly inspect the content. To prevent this, you can apply the following policy, which will deny the traffic after it has detected "Brotli" content in the response. The "deny" can be replaced by any suitable custom exception.