I'm facing a problem with the way my Webgateway handle downloads, at first the version I'm using is Mcafee Webgateway version 126.96.36.199.
The problem is that the Webgateway downloads all the file-content first to then send to the client. While the webgateway download the file there's no warning message to client, progress bar or message that the file being downloaded.
I looked for Web cache but for larger files like pdf >20MB or big ISO it is skiping to write on cache and working. (request, response and embeded)
The same applys to anti-malware it's not inspecting larger files.
I'd like that the Webgateway behavior, for this cases, act as: If the content-length is larger than 20MB send download direct to the client.
Someone know how to solve this problem?
if MWG downloads larger files without giving data to the client (called progress indication) there is something wrong in your policy. In the default policy there is a "Progress Indication" rule set as part of the "Common" rules, which ensures MWG keeps the client busy, otherwise it will timeout will MWG is busy scanning the file. MWG uses Progress Pages or Data Trickling, depending on the client and/or configuration in the policy. For Data Trickling MWG sends a small amount of bytes to the client for every MB it downloaded, for Progress Pages you will see a web page which tells you about the progress while MWG is busy.
Important: The rules which enable progress indication should be executed before any rule is applied that needs the complete file.
To pass files > 20 MB without looking into them you can set a rule like Header.Request.Exists(Content-Length) AND Header.Request.Get(Content-Length) > 2048000 Then Stop Cycle, maybe in the "Global Whitelist" if you have this in the default policy.
We have bypass in-place and tried various exceptions. Many other sites work, i.e. ISO from redhat, etc. But with this, oracle.com, issues.
Running a pkt capture I can see the McAfee getting large amounts of data from Oracle, but my client is pending. Eventually something timesout (about 6mins) and you are presented with a screen from Oracle stating you did not authenticate in time.
From what we have checked appears you connect to there download, then receive a 302 and now the URI includes the download filename and an token/hash. So appears maybe the McAfee is grabbing the data, but the client is not then being redirected in time with the token, hence eventually Oracle stops the transfer.
But with Data Trickle and/or Progress enabled or not, the client never starts seeing data. You never get the Save As/Popup. Other site you immediately get something on the client.
did you verify that the Data Trickling/Progress Page rules are executed for the actual download URL, e.g. the URL that is called by the browser after the 302? If the rules are executed there should be data forwarded to the client (or the client is getting redirected to the progress page). If that does not happen although the rules are executed you should file a service request with tech support to have them replicate and analyze the problem.
If you have a packet capture maybe you can look into the response from the server when it sends the large file. I have seen a server sending something like "Content-Length: 12345, 12345", which caused MWG to behave similar (e.g. never forward any data to the client). However I believe this was a server malfunction and it may not apply to this problem, but who knows 🙂