Why have X-Client-IP and X-Server-IP been added in ICAP header?


Article ID: 167586


Updated On:


ProxySG Software - SGOS


When ProxySG sends ICAP packets to an ICAP server, X-Client-IP and X-Server-IP are being added in the ICAP header. Why does it happen?



You can select ICAP send options on ICAP service editor window (from ProxySG Management Console > Configuration > External Services > ICAP , select ICAP service, then click Edit, and under the ICAP v1.0 Options box, check/uncheck Send options > OK > Apply).

The Send options allow additional information to be forwarded to the ICAP server. Select one or more of the following: Client addressServer addressAuthenticated user, or Authenticated groups.

If you have checked "Client address" and "Server address," ICAP send options on your ProxySG; the ProxySG will add the information before it sends ICAP packet to ICAP server.

19	2014-03-13 22:20:45.593766	ICAP	1344	1280	REQMOD icap:// ICAP/1.0
	Internet Content Adaptation Protocol
		REQMOD icap:// ICAP/1.0\r\n
		X-Scan-Progress-Interval: 10\r\n
		Encapsulated: req-hdr=0, req-body=1033\r\n
		POST http://www.example.com/something.do HTTP/1.1\r\n

If you check Authenticated user or Authenticated groups send options, you will see addional information added in ICAP header such as X-Authenticated-User or X-Authenticated-Groups header.

X-Authenticated-User: V2luTlQ6Ly9NWURPTUFJTi91c2VyMQ==
X-Authenticated-Groups: V2luTlQ6Ly9NWURPTUFJTi9NeUdyb3Vw