With Palo Alto Networks next-generation
firewall deployments, you can now allow Clientless VPN users to
access Gzip-compressed websites to use both internal and SaaS applications.
Support for Gzip encoding ensures that the Gzip encoding request
within the HTTP header is accepted by the Clientless VPN portal. This
ensures that the content from the Gzip-compressed web pages is rendered correctly
when accessed through the Clientless VPN portal.
The following diagram illustrates the extended support to allow
users to access internal and SaaS applications through Clientless
VPN.
The Clientless VPN can determine whether to use Gzip encoding
based on the HTTP request from the client and the corresponding
response from the app. The gzip value must
be included as one of the Accept-Encoding header values so that
it is accepted by the Clientless VPN.
For example, consider the following scenarios when the Clientless
VPN uses Gzip encoding:
The browser sends an HTTP request to the website with
the Accept-Encoding header values set to gzip, deflate,
and br, as shown in the following example.
The Clientless VPN portal parses the incoming HTTP request
from the browser and sets the Accept-Encoding header value to gzip that
indicates support for Gzip encoding, as shown in the following example.
If the website supports Gzip encoding in the HTTP response,
the website sends the Content-Encoding header as gzip that indicates
the content is in Gzip format, as shown in the following example.
The Clientless VPN forwards the response received from the
website to the web browser in the same format, as shown in the following
example.
If the HTTP request
received by the Clientless VPN does not include gzip as
one of the encoding methods, the Clientless VPN does not accept
Gzip encoding either.