Solved

ChatGPT broken with Netskope now

  • 25 October 2023
  • 9 replies
  • 343 views

Userlevel 4
Badge +12

Can anyone else confirm? It seems starting yesterday anytime you interact with ChatGPT with Netskope enabled (steering and decrypting) you get the following attached error. Using a Do Not Decrypt rule fixes the issue.

icon

Best answer by nduda 25 October 2023, 18:43

View original

9 replies

Userlevel 3
Badge +14

If you haven't already, follow the below steps to add domains to the IPS policy exception (if IPS is enabled on your tenant) and remove the DnD policy. 

  1. Browse to Settings/Threat Protection/IPS Settings
  2. Under Domain Allowlist, click Edit
  3. Add the following domains separated by commas, like so: openai.com, *.openai.com, cloudfront.com, *.cloudfront.com, gstatic.com, *.gstatic.com, chat.openai.com, *.chat.openai.com, widget.intercom.io
  4. Click Save
Userlevel 4
Badge +12

IPS is disabled on our tenant (way too many FP's)

Userlevel 4
Badge +12

Looks like an internal memo is going around about this. It has to do with Cloudflare/ChatGPT not accepting HTTP 1.1 randomly. For customers (like us) using RBI we had to downgrade the tenant to HTTP 1.1. The fix is to move back to HTTP 2.0 (which we can't) or have Netskope configure HTTP 2.0 specifically for chatGPT domains on the backend (which we will have them do).

Userlevel 3
Badge +12

As you stated today, RBI doesn't support HTTP/2 Support; This also includes IPS and Forward to Proxy functionality. We are actively working with Engineering to identify a solution as;
ChatGPT needs HTTP/2 support(This is a expected to be a temporary solution while a fix can be implemented) and RBI/IPS/Forward to Proxy requires HTTP/2 be disabled.

This also seems to be browser-dependent out of Chrome, Firefox and Safari, only Chrome seems to exhibit this problem for us.

Badge +2

i can confirm this is the behavior as well

Userlevel 4
Badge +12

We saw the issue in all browsers. It was totally related to HTTP 1.1 and our usage of RBI. The issue was resolved by Netskope enabling HTTP 2.0 just for the chatgpt domains on our tenant.

Userlevel 2
Badge +6

Having Same Issues.

I took the time to look at this away from Netskope, this really seems to be a Chrome thing, I have to assume that RBI is using Chromium, which would make sense that it shows up there too.

Away from Netskope you can launch chrome with the --disable-http2 error flag and the problem is presented. I dont know if this is a random not responding; I am getting a returned 403 error.

Anyway, I raised it via chatgpt helpdesk help as it smells like a bug in their web app to me, unless they intend to pull support for HTTP1.1, which then you have to ask, why even let you login.

If anyone else wants to verify and raise it with chatgpt, the noise might get it looked at sooner.

Reply