Can anyone else confirm? It seems starting yesterday anytime you interact with ChatGPT with Netskope enabled (steering and decrypting) you get the following attached error. Using a Do Not Decrypt rule fixes the issue.
Solved
ChatGPT broken with Netskope now
Best answer by nduda
Looks like an internal memo is going around about this. It has to do with Cloudflare/ChatGPT not accepting HTTP 1.1 randomly. For customers (like us) using RBI we had to downgrade the tenant to HTTP 1.1. The fix is to move back to HTTP 2.0 (which we can't) or have Netskope configure HTTP 2.0 specifically for chatGPT domains on the backend (which we will have them do).
This topic has been closed for replies.
+14If you haven't already, follow the below steps to add domains to the IPS policy exception (if IPS is enabled on your tenant) and remove the DnD policy.
- Browse to Settings/Threat Protection/IPS Settings
- Under Domain Allowlist, click Edit
- Add the following domains separated by commas, like so: openai.com, *.openai.com, cloudfront.com, *.cloudfront.com, gstatic.com, *.gstatic.com, chat.openai.com, *.chat.openai.com, widget.intercom.io
- Click Save
Looks like an internal memo is going around about this. It has to do with Cloudflare/ChatGPT not accepting HTTP 1.1 randomly. For customers (like us) using RBI we had to downgrade the tenant to HTTP 1.1. The fix is to move back to HTTP 2.0 (which we can't) or have Netskope configure HTTP 2.0 specifically for chatGPT domains on the backend (which we will have them do).
+12As you stated today, RBI doesn't support HTTP/2 Support; This also includes IPS and Forward to Proxy functionality. We are actively working with Engineering to identify a solution as;
ChatGPT needs HTTP/2 support(This is a expected to be a temporary solution while a fix can be implemented) and RBI/IPS/Forward to Proxy requires HTTP/2 be disabled.
This also seems to be browser-dependent out of Chrome, Firefox and Safari, only Chrome seems to exhibit this problem for us.
We saw the issue in all browsers. It was totally related to HTTP 1.1 and our usage of RBI. The issue was resolved by Netskope enabling HTTP 2.0 just for the chatgpt domains on our tenant.
I took the time to look at this away from Netskope, this really seems to be a Chrome thing, I have to assume that RBI is using Chromium, which would make sense that it shows up there too.
Away from Netskope you can launch chrome with the --disable-http2 error flag and the problem is presented. I dont know if this is a random not responding; I am getting a returned 403 error.
Anyway, I raised it via chatgpt helpdesk help as it smells like a bug in their web app to me, unless they intend to pull support for HTTP1.1, which then you have to ask, why even let you login.
If anyone else wants to verify and raise it with chatgpt, the noise might get it looked at sooner.
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.