This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GZIP File - Google Translate

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GZIP File - Google Translate

Hithead
L4 Transporter

‎08-15-2014 05:37 AM

Hi,

some users reported they are unable to use Google-Translate any more. I saw in the logs, Clients are trying to download GZIP files with the app google-translate-auto and google-translate-manual:

2014-08-15_14-01-34.jpg

I'm sure, the users were able to use Google-Translate in past. So the problem is since recently.

0 Likes Likes
13 REPLIES 13

scanlab.rgr
L1 Bithead

‎08-18-2014 05:29 AM

Hi,

we see also many GZIP (f.txt) download attempts with the app web-browsing.

When we block this download Google Instant and Google Maps does not work anymore.

This behavior started last week.

Our Data Filtering protocols are flooded with such entries.

Does anyone also see such a behavior?

Best regards,

Rainer Grothues

0 Likes Likes

SDorsey
L4 Transporter
In response to scanlab.rgr

‎08-18-2014 05:55 AM

I'm not a web dev guy.. at all..

But I wonder if they are using HTML5 to get the content to you in compressed format (gzip) then using the power of HTML5 to uncompress it within the browser. It would make their service faster and take less bandwidth.

0 Likes Likes

SDorsey
L4 Transporter

‎08-18-2014 06:18 AM

Did you just recently enable SSL decryption? I just tested it and it does not ID any of the traffic as gzip until you decrypt it as Google forces SSL for Google Maps.

0 Likes Likes

Hithead
L4 Transporter
In response to SDorsey

‎08-18-2014 06:19 AM

SSL decryption was always on. also for google...

0 Likes Likes

SDorsey
L4 Transporter
In response to Hithead

‎08-18-2014 06:22 AM

It appears my assumption was correct. Google Maps uses gzip compression.

https://google-developers.appspot.com/coordinate/v1/performance#gzip

0 Likes Likes

Hithead
L4 Transporter
In response to SDorsey

‎08-18-2014 07:19 AM

but since when? And we talking about google translate (ok, maybe google earth is also effected).

I think, it happens after a content update.

0 Likes Likes

scanlab.rgr
L1 Bithead
In response to Hithead

‎08-18-2014 07:31 AM

Sorry Hithead I brought Google Maps into play with my post.

I made the test also with Google Translate and saw the same behavior as you.

Maybe a little change on the ssl decoder?

0 Likes Likes

Hithead
L4 Transporter
In response to scanlab.rgr

‎08-18-2014 07:37 AM

its ok. seems the two problems (apps) have the same root cause.

if we could solve both, google translate and earth, would be nice.

I hope PAN can modify the google apps to let the gzip file passed.

0 Likes Likes

scanlab.rgr
L1 Bithead
In response to Hithead

‎08-18-2014 07:52 AM

You could modify your file blocking policy to allow gzip.

After that all works fine but only if you chose the action allow or forward. Continue does not work.

Nevertheless I would like to know what happened.

0 Likes Likes

Hithead
L4 Transporter
In response to scanlab.rgr

‎08-18-2014 07:56 AM

I know this workaround. but the problem is, I cannot select google-translate as application. Don't want to allow gzip with all applications...

0 Likes Likes

SDorsey
L4 Transporter
In response to Hithead

‎08-18-2014 08:23 AM

Create a new ACL line which matches on Google Maps and Google Translate. Create a new File Blocking profile for that rule which allows GZIP.

This will allow you to let GZIP work for these apps but the rest of the traffic will match on your previous rules.

0 Likes Likes

Hithead
L4 Transporter
In response to SDorsey

‎08-18-2014 08:28 AM

thank you for your comments guys, but I know this kind of workarounds.

I like to know, if PAN is responsible for this change or Google? And regardless if PAN is able to modify the apps and include gzip as 'necessary'.

0 Likes Likes

SDorsey
L4 Transporter
In response to Hithead

‎08-18-2014 08:35 AM

That is hard to answer depending on many variables.

For example, maybe Google was using TLS1.2 but your PAN was not yet at the version which added 1.2 support so it wasn't decrypting that specific traffic.

Or maybe Google just added GZIP compression to their public services. Or maybe a PAN content update allowed it to better identify GZIP compression within Google apps.

PAN has supported GZIP compression identification for quite a bit though. It even uncompresses and scans GZIP encoded traffic essentially (IPS Scanning of Compressed Files)

As for PAN adding gzip as necessary to the App-ID for the Google Apps, are you just looking for the firewall to tell you that you also need to allow GZIP? Because if you have an explicit deny, I do not believe it auto-allows other needed apps. I think it only does this if you lack an explicit Deny.

But you should always have an explicit deny. Smiley Wink

0 Likes Likes
  • 6318 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks