HTTP Compression Concepts in ISA Server 2006

Microsoft® Internet Security and Acceleration (ISA) Server 2006 Hypertext Transfer Protocol (HTTP) compression reduces file size by using algorithms to eliminate redundant data. Most common Web-related file types can safely be compressed. HTTP compression uses the industry standard Deflate algorithm, which is built into the Microsoft Windows Server® Code Name "Longhorn," Windows Vista™, Windows Server 2003, and Windows® 2000 Server operating systems and Microsoft Internet Explorer® 6, Internet Explorer 5, and Internet Explorer 4. These algorithms compress static files, and optionally perform on-demand compression of dynamically generated responses before sending them over the network. These same algorithms are again used to decompress the static files and dynamic responses on an HTTP 1.1 supported client. A client that is configured to use HTTP 1.1 will request compressed content from a Web server. Web servers indicate in their responses whether they support compression.


In Internet Explorer, configure the use of HTTP 1.1 on the Advanced tab of Internet Options, by selecting Use HTTP 1.1 through proxy connections.

Compression Scenario

A company has its headquarters in New York City, and branch offices throughout the world. Some of the larger branch offices may be connected directly to headquarters with high-speed connections. Others may be connected as virtual private networks (VPNs), over communication lines of varying speeds and latencies. For example, a small, remote branch office may be connected directly (over a frame-relay line) or as a VPN over a 56 or 64-kilobits per second (Kbps) line. Often, the main office proxy routes Internet requests directly to the Internet, whereas the branch offices may route their requests through headquarters.

Compression of content between the branch offices and the main office is required to preserve the limited bandwidth. ISA Server 2006 provides HTTP compression to reduce bandwidth usage. Note that HTTP 1.1 supports compression, whereas HTTP 1.0 does not.

ISA Server 2006 also inspects compressed HTTP communications.

HTTP Compression in ISA Server

HTTP compression in ISA Server is a global HTTP policy setting. It applies to all HTTP traffic that passes through ISA Server to or from a specified network or network object, rather than to traffic handled by a specific rule. HTTP compression is provided by two Web filters:

  • Compression Filter. This filter is responsible for compression and decompression of HTTP requests and responses. This filter has a high priority, and is high in the ordered list of Web filters. This is because the filter is responsible for decompression. Decompression must take place before any other Web filters inspect the content.
  • Caching Compressed Content Filter. This filter is responsible for caching of compressed content and serving a request from the compressed content in the cache. This filter has the lowest priority, and is low in the ordered list of Web filters, because caching can take place after all other filters have handled the content.

Do not change the default priority and order settings of these filters.

HTTP compression also provides a range compression feature.

HTTPS Traffic

ISA Server provides secure handling of compressed Secure HTTP (HTTPS) traffic, and inspection of that traffic in a bridging scenario.

Inspection of HTTPS traffic

HTTPS traffic that is tunneled through ISA Server cannot be inspected. This is true for compressed HTTPS traffic that is tunneled through ISA Server. However, in a bridging scenario, inspection of HTTPS traffic is performed by ISA Server, in the following order:

  1. Decryption
  2. Decompression
  3. Inspection
  4. Encryption
  5. Compression

By using compression for HTTPS traffic, you can improve response efficiency, which is particularly important for HTTPS. This also enables the caching of security-neutral page elements (such as certain graphics) by ISA Server, further improving efficiency.

Note that the bridging scenario requires a digital certificate for each ISA Server computer (in the branch office and in headquarters), and for published servers, as appropriate.

Compressed HTTPS traffic and browser security

Versions of Internet Explorer that predate recent security patches for Internet Explorer 6.0, decompress, decrypt, and store a local copy of compressed HTTPS traffic. This presents a security risk, particularly for information received on a public computer. For this reason, when one of those browsers requests compression, ISA Server returns uncompressed data. Requests that pass through some Web proxies may also result in ISA Server returning uncompressed data.

ISA Server Cache and Compression

ISA Server cache and compression work together to provide more efficient serving of compression requests. Note the following about how cache and compression work together:

  • Content is cached in one of these formats:
    • Compressed. Content is requested in compressed format and cached in compressed format.
    • Uncompressed. Content is requested in uncompressed format and cached in uncompressed format.
    • Uncompressed and Incompressible. If a client requests compressed content, and it arrives at the cache uncompressed, it is stored in the cache as incompressible. The next time the request for the same compressed content is received, ISA Server recognizes that the content is incompressible, and serves it from the cache uncompressed rather than from the Internet. Content that is inspected is also stored as uncompressed and incompressible.
  • After content is cached, it will continue to be served from the cache even if you change the compression status in the cache rule. For example, if you initially enable content inspection of compressed content, that content is stored in the cache as uncompressed and incompressible. ISA Server compresses the content before serving it to the client (if the client requested compressed content). If you disable content inspection, the content will still be served from the cache. In this case, ISA Server will continue to compress the content for clients that requested compressed content, rather than storing compressed content in the cache and serving it to clients. This can affect ISA Server performance in serving the requests. If you want compression configuration changes to be reflected in the cached content, you must first clear the cache.

To clear the cache, disable the cache through ISA Server Management, and then delete the cache storage file, such as Dir1.cdat (the default name of the ISA Server cache file). There is a cache file in the Urlcache folder on each drive that is configured for caching. After you delete the cache file, enable the cache in ISA Server Management.

There is also a sample script that describes how to clear the cache programmatically. For information, see the document "Deleting Cache Contents" at the Microsoft TechNet Web site.

Content Types and Compression

In general, some Web servers, when responding to a request, do not accurately provide the content type in the response header. For example, a response may include a Microsoft Office PowerPoint® 2003 (.ppt) file, but the response header may indicate that the content is plain text. When an Internet Explorer client receives this type of response in compressed format, it cannot interpret the response, and the user will see meaningless characters on the monitor. If the response is received uncompressed, Internet Explorer can interpret it, and the user can open and view the content. However, if the client requests compression, and the Web server replies with uncompressed content, ISA Server compresses the content, and Internet Explorer cannot interpret it. In this case, the client must request uncompressed content (by changing the compression setting in the browser) to view it.

Monitoring Compression

When you enable compression in ISA Server, you can obtain information about the use of compression from the ISA Server logs. The compression information is provided in the Filter Information column in the log. The Filter Information column is not displayed by default.

To add the column to the log display

  1. In the ISA Server Management console tree, select Monitoring.

  2. In the details pane, select the Logging tab.

  3. Click Start Query.

  4. In the log that appears, right-click any column heading, and click Add/Remove Columns.

  5. In the Add/Remove Columns dialog box, select the Filter Information column, click Add, and then click OK.

In the Filter Information column, you will see the following types of information:

  • Client. This indicates whether compression is enabled between ISA Server and the client, and whether the client requested compression. If both conditions are true, this will show Y (yes). If either condition is false, this will show N (no).
  • Server. This indicates whether ISA Server requested compression from the Web server.
  • Cache. This indicates whether content was served to the client from the cache. This sometimes mistakenly indicates Y (yes).
  • Compression Rate. The amount of compression that has taken place on a specific response. This is calculated as:
    (size of original response - size of compressed response) x 100/size of original response
  • Decompression Rate. The amount of decompression that has taken place on a specific response. This is calculated as:
    compressed output x 100/ decompressed output


A simple way to check whether compression is operational is to verify if either the compression rate or decompression rate is greater than 0.

Compression Performance Counters

The following performance counters relating to HTTP compression are provided by ISA Server.

Performance counter Description

Compression - Responses Compressed: Accumulated Ratio

The percentage of HTTP responses compressed by ISA Server out of the total number of HTTP requests handled by ISA Server.

Compression - Current Ratio of Responses Compressed

The percentage of HTTP responses compressed by ISA Server out of the number of HTTP requests handled by ISA Server, during the sample period.

Compression - Ratio of Size Reduction

For HTTP responses compressed by ISA Server, the average size reduction of the HTTP response body as a percentage of the uncompressed body size.

Compression - Current Compression Ratio

For HTTP responses compressed by ISA Server, the average size reduction of the HTTP response body as a percentage of the uncompressed body size, during the sample period.

Compression - Total Failures

The total number of failures to compress or decompress a response.

Compression - Responses Decompressed: Accumulated Ratio

The percentage of HTTP responses decompressed by ISA Server out of the total number of HTTP requests handled by ISA Server.

Compression - Current Ratio of Responses Decompressed

The percentage of HTTP responses decompressed by ISA Server out of the number of HTTP requests handled by ISA Server, during the sample period.

Configuring Compression

Configure the compression functionality in ISA Server Management, in the General node, under Configuration. Click Define HTTP Compression Preferences to open the HTTP Compression properties.

The minimum size of the packet to be compressed cannot be configured through ISA Server Management. You can configure this property using the HTTPCompressionConfiguration.MinimumCompressionLength property in the ISA Server 2006 software development kit (SDK). Because you do not want to compress and decompress small packets, you can configure the minimum size packet (in bytes) that will be compressed. The default value for the minimum size is 36 bytes.