Why have X-Client-IP and X-Server-IP been added in ICAP header?

book

Article ID: 167586

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

When ProxySG sends ICAP packets to an ICAP server, X-Client-IP and X-Server-IP are being added in the ICAP header. Why does it happen?

 

Resolution

You can select ICAP send options on ICAP service editor window (from ProxySG Management Console > Configuration > External Services > ICAP , select ICAP service, then click Edit, and under the ICAP v1.0 Options box, check/uncheck Send options > OK > Apply).

The Send options allow additional information to be forwarded to the ICAP server. Select one or more of the following: Client addressServer addressAuthenticated user, or Authenticated groups.

If you have checked "Client address" and "Server address," ICAP send options on your ProxySG; the ProxySG will add the information before it sends ICAP packet to ICAP server.

19	2014-03-13 22:20:45.593766	192.168.10.1	10.10.1.1	ICAP	1344	1280	REQMOD icap://10.10.1.1/reqmod ICAP/1.0
	Internet Content Adaptation Protocol
		REQMOD icap://10.10.1.1/reqmod ICAP/1.0\r\n
		Host: 10.10.1.1\r\n
		X-Scan-Progress-Interval: 10\r\n
		X-Client-IP: 10.169.0.55\r\n
  		X-Server-IP: 74.125.225.48\r\n
		Encapsulated: req-hdr=0, req-body=1033\r\n
		\r\n
		POST http://www.example.com/something.do HTTP/1.1\r\n

If you check Authenticated user or Authenticated groups send options, you will see addional information added in ICAP header such as X-Authenticated-User or X-Authenticated-Groups header.

X-Authenticated-User: V2luTlQ6Ly9NWURPTUFJTi91c2VyMQ==
X-Authenticated-Groups: V2luTlQ6Ly9NWURPTUFJTi9NeUdyb3Vw