Description:
In some environments, it is necessary to reconfigure the Secure Web Gateway (SWG) Download Status Page so that users can access Yahoo Mail.
Symptoms:
When a user tries to access Yahoo Mail while proxying through a SWG appliance, the following text could appear in the user’s browser:
Ooops. Yahoo! Mail can't load.
Loading Yahoo! Mail failed due to a client side error.
When the administrator reviews the Web Logs on the appliance, they will not see any blocks that are related to the Yahoo Mail session.
Cause:
These symptoms occur when a script that is downloaded from the Yahoo Mail site is not received by the browser. Yahoo Mail uses a JavaScript file that is over 800 KB in size, which is atypically large for a web-based script. In order to inform users that a file is downloading and being scanned, SWG appliances usually send a Download Status Page to the browser when retrieving files that are over 512 KB in size. In the case of Yahoo Mail, the browser displays an error because it is expecting to receive a script but it receives the HTML-based Download Status Page instead.
Solution:
There are two ways to address this without disabling any scanning functionality for the Yahoo Mail site. Both involve adjusting the status page’s configuration. Either option is sufficient by itself. There is no need to do both, although it is certainly possible to do both.
Option 1
Increase the status page’s “Size Threshold for Immediate Activation”. Below are the locations that this setting can be found in different VSOS versions.
VSOS 8.x setting location: Settings -> Miscellaneous -> Status Page
VSOS 9.x setting location: Administration -> System Settings -> Scanning Options -> General Settings
Note - In order for this change to be effective the threshold must be increased beyond the size of the script file. For example, 1024 KB has tested successfully with Yahoo Mail. This will disable the status page for all downloads under 1 MB. With most high speed Internet connections, this should be fine. This might only cause some consternation amongst users if they are downloading a file that is almost 1 MB from a very slow site. In any case, there is a second status page configuration option that activates the status page if a download takes over 5 seconds, so users will not have to wait long for a response.
Option 2
Disable the status page for JavaScript files.
VSOS 8.x configuration: Append “, x-javascript” (without the quotes) to the contents of the “Don't Activate if Content Type includes following Substrings” field at Settings -> Miscellaneous -> Status Page.
VSOS 9.x configuration: Navigate to Administration -> System Settings -> Scanning Options -> Activate, click Edit, click the green + in the Unless box, choose “Mime Type Contains”, and enter “x-javascript” (without the quotes).
Notes - When the status page is disabled for JavaScript downloads, a user who tries to manually download a large, individual JavaScript file (instead of the browser retrieving it as part of a web page) may experience a delay if they are communicating with a slow server. However, it is very unusual for a user to download individual JavaScript files manually.
Please be sure to Apply/Save and Commit any changes before retesting access to Yahoo Mail. Please wait for the commit to finish completely. It is also important to close any open browser windows and clear the browser’s cache.
Software Versions:
8.x
9.x