Bypass Scanning for Large Files with The ICAP Best Practices Policy

book

Article ID: 167532

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

I obtained the ICAP Best Practices content policy layer (CPL) script from Tech242686 and added it in the local policy file, but the ProxySG still redirects large objects without bypassing ICAP for the affected traffic.

In respect to the ICAP Best Practices:

  • The ICAP Best Practices will bypass ICAP RESPMOD(Response Modification) if the transaction matches the "NOICAP" condition.
<cache>
url.scheme=http condition=NOICAP response.icap_service(no)

 

  • The "NO_or_LARGE_CONTENT_LENGTH" condition, as defined within the CPL code, is the condition that relates to content file sizes.
define condition NO_or_LARGE_CONTENT_LENGTH
response.header.Content-Length=!""
response.header.Content-Length=!"^[0-9]{1,8}$"
end condition NO_or_LARGE_CONTENT_LENGTH
Note: The value "^[0-9]{1,8}$" in the code above, is a regex that represents 100MB. This value can be modified according to customer network needs.
For list of regex examples based on various "Content-Length" values, refer to the TECH241925.
 
  • Reviewing the script, you'll notice that the "NO_or_LARGE_CONTENT_LENGTH" condition is not added within the "NOICAP" condition.
define condition NOICAP
condition=VIDEO_AUDIO_with_NO_or_LARGE_CONTENT_LENGTH
condition=HTTPv0.9_UserAgents
condition=UserAgents_with_NO_or_LARGE_CONTENT_LENGTH

Resolution

In order to have the ProxySG bypass large files regardless of other combined conditions, you will need to add the "NO_or_LARGE_CONTENT_LENGTH" condition under the "NOICAP" condition as follows:

define condition NOICAP
condition=NO_or_LARGE_CONTENT_LENGTH
condition=VIDEO_AUDIO_with_NO_or_LARGE_CONTENT_LENGTH
condition=HTTPv0.9_UserAgents
condition=UserAgents_with_NO_or_LARGE_CONTENT_LENGTH

 

Additional information