Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

WebServer Protection: GZIP encoding of proxied HTTP traffic

The WAF strips the Accept-Encoding header from client requests, which is fine, as compression is not generally useful between the origin server and the proxy. However, it doesn't use the header itself, either. It doesn't compress proxied traffic before returning it to the client. Interestingly, pages generated by the WAF itself (such as error documents) are compressed. Only the proxied content remains uncompressed, and this can have a substantial impact on page speed.

39 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Lyle MullicanLyle Mullican shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Elmar HaagElmar Haag commented  ·   ·  Flag as inappropriate

        I am pretty sure this behavior has been fixed in 9.1. The WAF delivers web pages compressed to the requesting client by default. You can turn that off in the virtual webserver profile (advanced settings)

      • BarryGBarryG commented  ·   ·  Flag as inappropriate

        This is a good idea, but there should be a warning that CPU usage will increase somewhat on the UTM.

      • James WhiteJames White commented  ·   ·  Flag as inappropriate

        This is really stupid and means I can't use WebServer protection on any sites that need SEO or a fast response as having no gzip adds a big speed penalty.

      Feedback and Knowledge Base