Jul 21 2023 12:34 PM - edited Jul 21 2023 12:35 PM
Seems Edge has been including zsdch in the accept-encoding header (from searching, as far back as 112). Couldn't find any documentation on this encoding type, only sdch which is considered defunct. We started having issues with Bing search starting around the end of June 2023, and with assistance from our Firewall vendor we identified this content-encoding as unsupported on the Firewall and blocked as evasion (default) by the AntiVirus scan.
So, is this experimental, or new normal?
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.79
accept-encoding:gzip, deflate, br, zsdch
accept-language:en-US,en;q=0.9,fr;q=0.8,mt;q=0.7
Jul 25 2023 06:46 AM
Jul 25 2023 03:14 PM
@garethrobson Our case was pretty clear in our Firewall logs, so far we've only seen Bing Search select zsdch in response, and only while logged in to Edge
[I]2023-07-14 18:11:03.556553 [p:206][s:85746775] wad_dump_http_resp :2593 hreq=0x277aab10 Received response from server:
HTTP/1.1 200
content-type: text/html; charset=utf-8
cache-control: private, max-age=0
content-encoding: zsdch
expires: Sat, 15 Jul 2023 01:10:03 GMT
vary: Accept-Encoding
vary: Avail-Dictionary
x-eventid: 64b1f227b54e47b4b7f277a3c6e15111
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: <redacted>
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-<redacted>'; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
report-to: {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":0.5,"include_subdomains":true}
cross-origin-embedder-policy-report-only: require-corp; report-to="crossorigin-errors"
cross-origin-opener-policy-report-only: same-origin; report-to="crossorigin-errors"
date: Sat, 15 Jul 2023 01:11:03 GMT
set-cookie: _SS=SID=<redacted>&PC=U531&R=200&RB=0&GB=0&RG=200&RP=200; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: SRCHS=PC=U531; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: OIDI=<redacted>; domain=.bing.com; expires=Fri, 13-Oct-2023 01:11:03 GMT; path=/; secure; HttpOnly; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.9ca30017.1689383463.3792ccd7
[I]2023-07-14 18:11:03.556632 [p:206][s:85746775] wad_http_fwd_non_cacheable_resp :2526 resp(0x342c5894) starts processing.
[V]2023-07-14 18:11:03.556650 [p:206][s:85746775] wad_http_msg_start_setup_proc :2100 msg(0x342c5894) proc-setup started from: build_fwd_resp.
[V]2023-07-14 18:11:03.556668 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(build_fwd_resp)
[I]2023-07-14 18:11:03.556684 [p:206][s:85746775] wad_http_resp_setup_fwd_resp :2503 msg(0x342c5894) build fwd resp!
[V]2023-07-14 18:11:03.556700 [p:206][s:85746775] wad_http_resp_build_fwd_msg :2436 msg(0x342c5894)
[V]2023-07-14 18:11:03.556723 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_icap)
[V]2023-07-14 18:11:03.556740 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_waf)
[V]2023-07-14 18:11:03.556755 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_quota)
[V]2023-07-14 18:11:03.556771 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_roh)
[V]2023-07-14 18:11:03.556785 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_moh)
[V]2023-07-14 18:11:03.556799 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(resp_doh)
[V]2023-07-14 18:11:03.556815 [p:206][s:85746775] wad_http_def_proc_msg_plan :2062 msg(0x342c5894) setting up processor(scan)
[I]2023-07-14 18:11:03.556832 [p:206][s:85746775] wad_resp_setup_scan_proc :1836 content type for req=0x277aab10 is allowed
[I]2023-07-14 18:11:03.556857 [p:206][s:85746775] wad_sres_entry_find :193 svr_addr=23.0.163.160, port=443, path=/search?pglt=129&q=testtest&cvid=6353cc9458a74075959c89ea2cd84d1e&aqs=edge.0.0l9j69i11004.1400j0j1&FORM=ANNAB1&PC=U531
[W]2023-07-14 18:11:03.556888 [p:206][s:85746775] __wad_setup_scan_proc :1572 msg(0x342c5894) evading attack through content-encoding=-ucsk!
[I]2023-07-14 18:11:03.556905 [p:206][s:85746775] wad_http_def_proc_msg_plan :2072 msg(0x342c5894) failed to setup scan!
[I]2023-07-14 18:11:03.556964 [p:206][s:85746775] wad_http_mstrm_on_msg_cancel :14294 req(0x277aab10) is cancelling by closing hmstrm!
[I]2023-07-14 18:11:03.557000 [p:206][s:85746775] __wad_http_req_close :1586 ret = -1!
[V]2023-07-14 18:11:03.557042 [p:206][s:85746775] __wad_http_scan_dyn_close :380 sp(0x32692fe0) got closed!
[I]2023-07-14 18:11:03.557059 [p:206][s:85746775] wad_http_scan_close :357 hs=0x32692ff8 state=done:
[V]2023-07-14 18:11:03.557076 [p:206][s:85746775] wad_http_ipsscan__destroy :716 ipsscan=0x3549fa24: destroying
2023-07-14 18:11:03.557247 [p:206][s:85746775] ipsapp ses 2575652 close
2023-07-14 18:11:03.557273 [p:206][s:85746775] ipsapp ses 2575652 send end msg 22970 len 0 dir 0
[V]2023-07-14 18:11:03.557293 [p:206][s:85746775] wad_mem_c_malloc :138 size 65556 exceeds max_elm_size (18404); not using bucket
[I]2023-07-14 18:11:03.557381 [p:206][s:85746775] wad_http_sstrm_on_msg_cancel :14384 sstrm(0x315731e4) is closing hmstrm(0x325480b0) msg(0x342c5894).
[I]2023-07-14 18:11:03.557401 [p:206][s:85746775] wad_http_mstrm_on_msg_cancel :14294 req(0x277aab10) is cancelling by closing hmstrm!
Jul 27 2023 02:22 AM
Aug 09 2023 08:29 AM
SolutionSep 16 2023 02:10 AM
Oct 02 2023 10:00 PM
Oct 06 2023 09:04 AM
@toshi_ogi_555 wrote:
The version of Edge I'm using is "117.0.2045.41", has this problem been resolved?
There is no issue with Edge browser, the topic was about a missing document which was solved.
Oct 08 2023 08:46 PM
Oct 09 2023 05:45 PM
Feb 11 2024 03:53 AM
Apr 04 2024 06:03 AM
Aug 09 2023 08:29 AM
Solution