How do I exempt a single domain from ICAP max file size errors?
search cancel

How do I exempt a single domain from ICAP max file size errors?

book

Article ID: 166088

calendar_today

Updated On:

Products

ProxyAV Software - AVOS ProxySG Software - SGOS

Issue/Introduction

Scenario:

  • Some website content is causing a ICAP max file size error.  Some of the content scans correctly without error.
  • You want to scan all contents on a certain domain but serve the content even if the ICAP max file size error happens.  You do not want to serve contents for other websites if the ICAP max file size error occurs.

Solution:

When an ICAP-based anti-virus service (such as the ProxyAV) reports the Max File size error, it sends the ProxySG appliance a response code of 4XX or 5XX.  Using this response code, you can define policy to ignore the error and serve the file to the requesting user. Do this by implementing the ProxySG rules below:  

<cache> 
url.domain=example.domain.com response.icap_service(icap,fail_open) 
response.icap_service(icap,fail_closed) response.icap_service.secure_connection(auto) 

Note:  Matching a rule with fail open for ICAP response should configure the appliance to serve the content if the ICAP max file size error occurs (ICAP server 4xx or 5xx error).