| Description | This article describes the troubleshooting steps for traffic getting blocked by Web Filter with the message unknown content-encoding detected and blocked. |
| Scope | FortiGate. |
| Solution |
Sometimes When trying to access any website it gets blocked by FortiGate Web Filter and checking its log shows the message blocked by unknown content-encoding detected and blocked.
date=2025-12-22 time=11:27:08 eventtime=1766420827987384701 tz="-0500" logid="0249009241" type="utm" subtype="virus" eventtype="unknown" level="warning" vd="root" policyid=14 sessionid=165536541 srcip=10.10.21.93 dstip=13.33.67.94 srcport=53052 dstport=443 srcintf="lan" srcintfrole="lan" dstintf="port1" dstintfrole="wan" proto=6 service="HTTPS" action="blocked" group="Internet-Access-MKTG" url="https://cf.ctctcdn.com/g/113/234.png" content encoding="base64" msg="Unknown content-encoding detected and blocked."
This happens because some of the websites use new ZSTD encoding or ZStandard (RFC 8878), which is not supported in the previous version of FortiGate, causing the inspected profile applied on the policy, instead of allowing, will fail to inspect and be blocked, as the default value for this is set to block. It is fully supported for both Flow-based and proxy-based inspections from versions 7.2.9, 7.4.5, and 7.6.0.
There are a few workarounds for this, and any of the following can be followed.
In the FortiGate:
The default profile-protocol-options is read-only and cannot be changed. So to change it, create a new profile-protocol-options and set it to inspect. These changes can only be done in the CLI.
In the GUI, it can be seen under Policy & Object -> Firewall Policy and then under Firewall/Network Options.
In Browser:
edge://flags/#enable-zstd-content-encoding
chrome://flags/#enable-zstd-content-encoding
Related documents: |
