Last week we had a problem with one of our customers that was trying to access a new web site recently built and hosted at their cloud provider. When running a query in Forefront TMG Logs and Reports view, I found the error below:
Failed Connection Attempt Log type: Web Proxy (Forward) Status: 13 The data is invalid. Rule: Source: Internal _Destination: External _ Request: GET http:// Filter information: Req ID: 0fdbab91; Compression: client=No, server=Yes, compress rate=0% decompress rate=0% Protocol: http User: anonymous
This error occurs when the destination Web Server is using Chunked Encoding but it is not passing the correct TransferEnconding header.
When researching about this problem I found a great post from my friend Yuri Diógenes that explains why this problem happens:
According to RFC if a server is using chunked encoding it must set the Transfer-Encoding header to "chunked". In order to compress the content we need to accumulate all the chucks and then compress. When it works, TMG knows that all that content is part of the same HTTP request since it says in the HTTP Response Header; therefore it waits for the entire content, compress and send it back to the client. On the failing server we receive the first answer that doesn’t say that the content is chucked and right after that we receive other chucks, since HTTP Compression is enabled it fails to reassemble all the content since it doesn’t know that they belong to the same content." - Yuri Diógenes at: https://blogs.technet.com/b/yuridiogenes/archive/2010/12/22/3292163.aspx
If possible, the best way to solve it is by asking the web site administrator to change the "TransferEncoding header" parameter on the web server to "chunked". See How to enable chunked transfer encoding with IIS.
If you cannot wait for the website administrator to change this, you can workaround the problem by disabling HTTP Compression for the destination site.
Disabling HTTP Compression altogether will cause higher bandwidth consumption and may cause other kinds of Internet access errors, so the better solution is to keep this service enabled and adding the destination IP as an exception:
To add exclude a destination IP from HTTP Compression
Once the exception has been added, try browsing to the web site again and the issue should be resolved!
I hope this post may help you!
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
How to Enable and Disable SSL / TLS Versions on Forefront TMG
How To Extend Forefront TMG's Web Protection Services (WPS) After November 30 2012