Cannot install Java based Application on Windows when going through WSS

book

Article ID: 198305

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing WSS using explicit access method

Users can browse sites without issues

When installing a java based application however, the install fails to complete and a connectivity error is reported on the client after 60 seconds

Application install seems to download huge number of files with .deploy extension that appear to contain java classes

Cause

Malware scanning causing delayed responses for .deploy objects

Proxy sends back scanned payload one byte at a time, causing huge delays.

Environment

Web Services Security

Clients running on WIndows 10

Clients downloading and updating Java Application on local host 

Resolution

Exempt the Application domain name Under Content Analysis -> Scanning exceptions

Additional Information

PCAPs showed the GET/CONNECT requests from the user and 200 OK responses

During the exchange, the 200 OK responses start off with full TCP payloads of 1460 (1500 ethernet packet minus 20 byte IP and 20 byte TCP header). As the install goes on, we see the payload in the responses drop to 1 byte in size.

These one byte packets cause huge delays with the responses - we send 1460 packets instead of one!