FireWall-1 FAQ: Content-Encoding Type Not Allowed
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
If you see this message in the logs, it is likely because your web browser supports alternative content encodings such as gzip, deflate, or compress, and is talking to a website that also supports them. The end result is that the download is faster. However, the HTTP Security Server needs a little help in supporting this.
In FireWall-1 4.1 SP2, it is possible to enable support for this by adding the following to the :props( section of $FWDIR/conf/objects.C:
:http_disable_content_enc (true)
:http_disable_content_type (true)
If it exists, remove the line that says:
:http_use_cvp_reply_safe (true)
For guidelines on editing objects.C, see "How do I edit objects.C or objects_5_0.C?"
You will also need to make a change on the firewall module in how it tries to communicate with the CVP server. Edit $FWDIR/conf/fwopsec.conf. Change the line that says:
server 127.0.0.1 18181 auth_opsec
so it says:
server 127.0.0.1 18181 opsec
Bounce the gateway (fwstop; fwstart) and reload the security policy.
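The following is an added example, not part of the original FAQ and not Check Point code: a small shell check that the edits described above are actually in place before you bounce the gateway. The function names are hypothetical, the sample files are constructed, and the parenthesis-nested layout of objects.C is an assumption.

```shell
#!/bin/sh
# Added example (not from the FAQ): check that the edits above are in place.
# Assumption: objects.C nests sections in parentheses, e.g. ":props (" ... ")".

# Print only the lines inside the :props ( ... ) section of objects.C.
props_section() {
    awk '
        !inside && /^[ \t]*:props[ \t]*\(/ { inside = 1; depth = 0 }
        inside {
            print
            depth += gsub(/\(/, "(") - gsub(/\)/, ")")
            if (depth <= 0) inside = 0
        }' "$1"
}

# check_content_enc_conf CONF_DIR: print each finding, return the problem count.
check_content_enc_conf() {
    props=$(props_section "$1/objects.C") || return 99
    problems=0
    for p in http_disable_content_enc http_disable_content_type; do
        printf '%s\n' "$props" | grep -Eq "^[[:space:]]*:$p[[:space:]]*\(true\)" ||
            { echo "not in :props( section: :$p (true)"; problems=$((problems + 1)); }
    done
    if printf '%s\n' "$props" |
        grep -Eq '^[[:space:]]*:http_use_cvp_reply_safe[[:space:]]*\(true\)'; then
        echo "still present: :http_use_cvp_reply_safe (true)"
        problems=$((problems + 1))
    fi
    # Fourth field of the CVP server line must be opsec, not auth_opsec.
    mode=$(awk '$1 == "server" && $2 == "127.0.0.1" && $3 == "18181" { print $4 }' \
        "$1/fwopsec.conf") || return 99
    [ "$mode" = "opsec" ] ||
        { echo "fwopsec.conf: CVP server line uses '${mode:-nothing}'"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample files, in the state before the edits are applied.
make_sample_conf() {
    printf '(\n\t:props (\n\t\t:http_use_cvp_reply_safe (true)\n\t)\n)\n' > "$1/objects.C"
    printf 'server 127.0.0.1 18181 auth_opsec\n' > "$1/fwopsec.conf"
}

demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir"
check_content_enc_conf "$demo_dir" || echo "problems found: $?"
rm -rf "$demo_dir"
```

Point the function at a directory holding copies of both files; a return value of 0 means all three edits were found.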