cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Webgateway handle download

Hi all.

I'm facing a problem with the way my Webgateway handle downloads, at first the version I'm using is Mcafee Webgateway version 7.3.2.10.

The problem is that the Webgateway downloads all the file-content first to then send to the client. While the webgateway download the file there's no warning message to client, progress bar or message that the file being downloaded.

I looked for Web cache but for larger files like pdf >20MB or big ISO it is skiping to write on cache and working. (request, response and embeded)

The same applys to anti-malware it's not inspecting larger files.

I'd like that the Webgateway behavior, for this cases,  act as: If the content-length is larger than 20MB send download direct to the client.

Someone know how to solve this problem?

5 Replies
Highlighted

Re: Webgateway handle download

Also interest in how the MWG handles large downloads as we face issues with large files.  Client appears to sit & wait, sometime it works, most of the time fails.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 6

Re: Webgateway handle download

Moved from Consumer section to Business/Email & web Security/Web Gateway for attention.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Webgateway handle download

Hello,

if MWG downloads larger files without giving data to the client (called progress indication) there is something wrong in your policy. In the default policy there is a "Progress Indication" rule set as part of the "Common" rules, which ensures MWG keeps the client busy, otherwise it will timeout will MWG is busy scanning the file. MWG uses Progress Pages or Data Trickling, depending on the client and/or configuration in the policy. For Data Trickling MWG sends a small amount of bytes to the client for every MB it downloaded, for Progress Pages you will see a web page which tells you about the progress while MWG is busy.

Important: The rules which enable progress indication should be executed before any rule is applied that needs the complete file.

To pass files > 20 MB without looking into them you can set a rule like Header.Request.Exists(Content-Length) AND Header.Request.Get(Content-Length) > 2048000 Then Stop Cycle, maybe in the "Global Whitelist" if you have this in the default policy.

Best,

Andre

Highlighted

Re: Webgateway handle download

We have bypass in-place and tried various exceptions.  Many other sites work, i.e. ISO from redhat, etc.  But with this, oracle.com, issues.

Running a pkt capture I can see the McAfee getting large amounts of data from Oracle, but my client is pending.  Eventually something timesout (about 6mins) and you are presented with a screen from Oracle stating you did not authenticate in time.

From what we have checked appears you connect to there download, then receive a 302 and now the URI includes the download filename and an token/hash.  So appears maybe the McAfee is grabbing the data, but the client is not then being redirected in time with the token, hence eventually Oracle stops the transfer.

But with Data Trickle and/or Progress enabled or not, the client never starts seeing data.  You never get the Save As/Popup.  Other site you immediately get something on the client.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Webgateway handle download

Hello,

did you verify that the Data Trickling/Progress Page rules are executed for the actual download URL, e.g. the URL that is called by the browser after the 302? If the rules are executed there should be data forwarded to the client (or the client is getting redirected to the progress page). If that does not happen although the rules are executed you should file a service request with tech support to have them replicate and analyze the problem.

If you have a packet capture maybe you can look into the response from the server when it sends the large file. I have seen a server sending something like "Content-Length: 12345, 12345", which caused MWG to behave similar (e.g. never forward any data to the client). However I believe this was a server malfunction and it may not apply to this problem, but who knows 🙂

Best,

Andre

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community