Customer his integrated ProxySG with Symantec's DLP solution, Vontu via icap. The customer now wants to send the username via icap and have Vontu dlp do the group lookup based on the username the ProxySG sends.

In Proxy device, one can apply policy options given below to achieve this. The options given below depends on how the format should be when sending to the DLP device.

Option 1: Username in the format of "Domain\Username"

<Proxy>
action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User
set(icap_reqmod.request.x_header.X-Authenticated-User, '$(user:encode_base64)')
end

Option 2: Username in the format of "username". i.e. without Domain prefix

<Proxy>
action.ICAP_REQMOD_User(yes)

define action ICAP_REQMOD_User
set(icap_reqmod.request.x_header.X-Authenticated-User, '$(cs-username:encode_base64)')
end

Note: The username sent by the ProxySG is base-64 encoded