Support for Gzip Encoding in Clientless VPN

With Palo Alto Networks next-generation firewall deployments, you can now allow Clientless VPN users to access Gzip-compressed websites to use both internal and SaaS applications. Support for Gzip encoding ensures that the Gzip encoding request within the HTTP header is accepted by the Clientless VPN portal. This ensures that the content from the Gzip-compressed web pages is rendered correctly when accessed through the Clientless VPN portal.
The following diagram illustrates the extended support to allow users to access internal and SaaS applications through Clientless VPN.
The Clientless VPN can determine whether to use Gzip encoding based on the HTTP request from the client and the corresponding response from the app. The
value must be included as one of the Accept-Encoding header values so that it is accepted by the Clientless VPN.
For example, consider the following scenarios when the Clientless VPN uses Gzip encoding:
  1. The browser sends an HTTP request to the website with the Accept-Encoding header values set to
    , and
    , as shown in the following example.
  2. The Clientless VPN portal parses the incoming HTTP request from the browser and sets the Accept-Encoding header value to
    that indicates support for Gzip encoding, as shown in the following example.
  3. If the website supports Gzip encoding in the HTTP response, the website sends the Content-Encoding header as
    that indicates the content is in Gzip format, as shown in the following example.
  4. The Clientless VPN forwards the response received from the website to the web browser in the same format, as shown in the following example.
    If the HTTP request received by the Clientless VPN does not include
    as one of the encoding methods, the Clientless VPN does not accept Gzip encoding either.

Recommended For You