How to test ICAP connectivity to DLP Web Prevent

Article ID: 160349

Products

Data Loss Prevention Network Prevent for Web

Issue/Introduction

You are configuring ICAP with DLP Web Prevent, and you are receiving an error (for example, "Incorrect ICAP response"). You need a method of checking the functionality of Web Prevent without requiring a proxy server for verification.

Resolution

To confirm that the Web Prevent server is accepting ICAP client connections, perform the following checks. Together they show with relative certainty that the server is healthy.
  1. Check the status of the Web Prevent server in Enforce. Ensure that there are no errors and that all the processes are running and checking in with the Vontu Manager. (While there, click the Settings button for the server, and confirm the Port setting - default is 1344.)
  2. Open a Telnet session to the Web Prevent server, specifying the port number (default 1344):

    telnet <server_name_or_IP> <port>

  3. When the Telnet session opens, type the following and press Enter:

    OPTIONS icap://127.0.0.1:1344/reqmod ICAP/1.0

    Note 1: On some servers, depending on the Telnet options, the command may not echo to the screen, or you may need to press Enter twice.
    Note 2: If you are using RESPMOD (as opposed to REQMOD), modify the URL accordingly.

  4. If the Web Prevent server is successfully responding to ICAP, the response should look similar to the following (DLP version 11.5 in this example):

    ICAP/1.0 200 OK
    ISTag: "Vontu11.5"
    Methods: REQMOD
    Options-TTL: 3600
    Preview: 4096
    Transfer-Preview: *
    Allow: 204
    X-Include: X-Client-IP, X-Authenticated-User
    Encapsulated: null-body=0
    Max-Connections: 25

    Note that if the OPTIONS response does not include the ISTag value, some proxy servers (such as Blue Coat) will fail with an invalid connection error.

  5. Press Ctrl-] to leave the connection and return to the Telnet prompt, then type "quit" to exit the Telnet session.
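
The manual check in steps 2 to 4 can also be scripted. The following is an added example, not part of the original article or of the product: it sends the same OPTIONS request and reports what is wrong with the reply, including the missing ISTag case noted in step 4. The function names are hypothetical, the Host header is an addition that the Telnet steps do not type, and the sample response is the step 4 output re-typed as constructed test data.

```python
import socket

# Constructed sample: the OPTIONS response from step 4, with CRLF line endings.
SAMPLE_RESPONSE = "\r\n".join([
    'ICAP/1.0 200 OK', 'ISTag: "Vontu11.5"', 'Methods: REQMOD', 'Options-TTL: 3600',
    'Preview: 4096', 'Transfer-Preview: *', 'Allow: 204',
    'X-Include: X-Client-IP, X-Authenticated-User', 'Encapsulated: null-body=0',
    'Max-Connections: 25', '', '']).encode("ascii")

def build_options(host, port=1344, service="reqmod"):
    """Request line from step 3, plus a Host header (an addition of this example)."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def check_options(raw, mode="REQMOD"):
    """Return a list of problems; an empty list means the reply looks healthy."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("ICAP/"):
        return [f"not an ICAP status line: {lines[0]!r}"]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    problems = []
    if status[1] != "200":
        problems.append(f"status {status[1]}, expected 200")
    if not headers.get("istag"):  # some proxies reject a reply without ISTag
        problems.append("ISTag header missing")
    methods = [m.strip().upper() for m in headers.get("methods", "").split(",")]
    if mode.upper() not in methods:
        problems.append(f"{mode.upper()} not listed in Methods")
    return problems

def probe(host, port=1344, service="reqmod", timeout=5.0):
    """Send OPTIONS to a live server and return check_options() on the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_options(host, port, service))
        raw = b""
        while b"\r\n\r\n" not in raw:  # read until the end of the ICAP headers
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    return check_options(raw, service)

if __name__ == "__main__":
    print(check_options(SAMPLE_RESPONSE))
```

Against a live server, call `probe("<server_name_or_IP>", <port>)`; pass `service="respmod"` if you are using RESPMOD.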