You wish to serve a custom exception page defined on ProxySG for any or a specific ICAP error.
ProxySG and AV/CA device are required. The AV/CA device returns the ICAP error page and the proxy SG can act upon receiving the ICAP error with an exception page.
For the purpose of the demo we used the "MaxFIleSizeExceeded" ICAP error page returned:
===============================
Below output taken from the policy trace
================================
(Lines omitted for brevity)
MATCH: icap_error_code=any exception(user_defined.user-defined.my_exception)
(Lines omitted for brevity)
ICAP RESPMOD Scan Summary:
Error code: max_file_size_exceeded
Details: Maximum file size exceeded; File: ubuntu-16.04.3-desktop-amd64.iso; Sub File: Unknown; Vendor: Pre AV call, no vendor data; Engine version: Unknown; Pattern version: Unknown; Pattern date: Unknown
Summary: icap-error-code: max_file_size_exceeded, icap-error-details: Maximum file size exceeded; File: ubuntu-16.04.3-desktop-amd64.iso; Sub File: Unknown; Vendor: Pre AV call, no vendor data; Engine version: Unknown; Pattern version: Unknown; Pattern date: Unknown
(Lines omitted for brevity)
================================
You can see that the ICAP error page was returned and also that we MATCH-ed the rule to serve an exception page
The solution can be applied both in VPM and CPL.
CPL solution:
<Proxy>
icap_error_code=({ICAP error}) exception(user-defined.{Exception page})
Where {ICAP error} is one of the below and {Exception page} is as defined under MC>Configuration>Policy>Exceptions
scan_timeout, decode_error, password_protected, insufficient_space, max_file_size_exceeded, max_total_size_exceeded, max_total_files_exceeded, file_extension_blocked, antivirus_load_failure, antivirus_license_expired, antivirus_engine_error, connection_failure, request_timeout, internal_error, server_error, server_unavailable.
VPM solution
*NOTE - This solution assumes that ICAP service is configured and the traffic is send for scanning.