When the Origin Content Server (OCS) returns a Content-Encoding response header of one type but encodes the data differently, the Web Security Service (ThreatPulse cloud) displays an exception page and blocks access to the site.
Content Encoding Error
The web server's HTTP response headers indicate that it will respond with one type of encoding, but it responds with a different type of encoding instead.
A common example is a web server that indicates it is returning a gzip-compressed object, but the content is actually text.
If we take a PCAP while accessing this site, we can see that most of the responses have "Content-Encoding: gzip".
Example:
We can see the response content is served in gzip (looks like garbage data).
===
Content-Encoding: gzip
Content-Length: 10116
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...<...[Zf...>....g..y6;z...,.......>Z......w..y...._...?......x..Z......G..Z...^:;.,.].'..e..?.....VU.z-..Y;.l._..|......h...n.Y.....2..i]...Zv.........h....c..<O_.....K...U..>..iz.n.j.....*...][email protected]_....E5..e..z{o..xo...GG..JS..qY,...:?.wNdpw'U.6m......(..........y.....z.u...{e<.K.;..z.rL..W.
.t.......^.q.Ev..}.-....K.y..no+=.g.D.no...Mj.x....Gw.........<[..xZ-.....y.(....\..O^[email protected]...
..uzxZW...]..`.?.....v#..{P.B....`..../2*....xwo.{......;....4.^.2......c. F..t..;@|v.,&.BB..?.k.(.].#[email protected],..e1}K..h%.}..tv....
===
For the bad connection, the response header says Content-Encoding: gzip,
but the content is actually served as text/html (<html><head><title>Object moved).
=====
Content-Encoding: gzip
Content-Length: 178
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://portal.godependable.com/secure/ltl/tracking?id=0441453">here</a>.</h2>
</body></html>
=====
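One way to check a captured response for this mismatch, shown as an added example that is not part of the original article and is not the Web Security Service's own detection logic. The function names and both sample responses are constructed for illustration, and the body is assumed to be framed by Content-Length (not chunked), as in the captures above.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip member (RFC 1952)

def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (lower-cased headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body

def check_content_encoding(raw: bytes) -> str:
    """Return 'ok', 'not-declared' or 'mismatch' for one raw response."""
    headers, body = split_response(raw)
    declared = headers.get("content-encoding", "").lower()
    if declared not in ("gzip", "x-gzip"):
        return "not-declared"   # nothing claimed, nothing to verify here
    if not body:
        return "ok"             # no body, so nothing to decode
    if not body.startswith(GZIP_MAGIC):
        return "mismatch"       # header says gzip, bytes are something else
    try:
        gzip.decompress(body)   # also catches truncated or corrupt streams
    except (OSError, EOFError, zlib.error):
        return "mismatch"
    return "ok"

def build(body: bytes, encoding: str = "gzip") -> bytes:
    """Build a constructed sample response around the given body."""
    head = (f"HTTP/1.1 200 OK\r\nContent-Encoding: {encoding}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode("latin-1")
    return head + body

# Constructed samples mirroring the two captures in the article.
HTML = b"<html><head><title>Object moved</title></head><body></body></html>"
GOOD = build(gzip.compress(HTML))  # header and body agree
BAD = build(HTML)                  # header says gzip, body is plain HTML

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, check_content_encoding(sample))
```

Running the same check against the body bytes exported from the PCAP confirms whether the origin server, rather than the proxy, is the source of the error before a bypass entry is added.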
Workaround
If the clients connect through a PAC file or Unified Agent, add the OCS IP to the bypass list.
If the clients connect through an IPSec tunnel, add the OCS IP to the bypass list of the IPSec gateway (firewall) so that the traffic is not forwarded to the cloud service for processing.
Alternatively, contact the webmaster of the site to fix their encoding issue.