Use custom rules to bypass scanning for large files

This article applies to:

• SWG 10.x
• SWG 11.x

Symptoms:

• Download is blocked and the following message is presented to the user:

Error Occurred 

HTTP Error Status: 403 Forbidden

Error Reason: Response body too large Please contact your system administrator

Cause:

• SWG proxy is limited to downloading/uploading files up to 2GB in size. This limit is configured in the Downloads tab under Administration > System Settings > SWG Devices > Scanning Server > General node:

Resolution:

If SWG proxy is expected to deal with many large files, it may help to bypass scanning for those files. This can be done by creating two additional rules in the Security Policy, as detailed below.

First Rule

The first rule should bypass scanning for large files based on the value in the content-length header field associated with the file in the transaction.

1. Create a custom HTTP header as shown below. Set the value relevant to your SWG implementation:  

    Note that the content-length header value should be set in bytes.

2. Create a new rule in the policy and add the new custom header as a condition for the rule.

3. Make sure the rule Action is set to Allow and Advanced Action is set to Bypass scanning:

Second Rule

It is possible that a file in a Web transaction will not have a content-length header specified for it. As a result, the rule we just created will not bypass scanning for such file.

For this reason we need a second rule to bypass scanning for large files based on the content size value. 

1. Use one of the default Content Size conditions available in the SWG OS, or create a new one to make it consistent with the rule above.

Content Size conditions are under: 

Version 10.x: Policies > Condition Settings > Content Size

Version 11.x: Policies > Condition Elements > Content Size

2. Create a new rule in the policy and use Content Size as a condition for the rule.