ICAP REQMOD Best Practices
search cancel

ICAP REQMOD Best Practices


Article ID: 244950


Updated On:


ProxySG Software - SGOS


If you have configured the ICAP REQMOD service for DLP on the appliance, review these policy best practices to ensure
high volumes of requests to the DLP do not affect performance.


Exclude Long-Running Streams
Long-running or infinite streams can keep the limited number of connections the DLP server can maintain busy, leading to
the queuing subsequent requests. Use the following CPL to exclude these known long-running streams.

To exclude Microsoft Azure URLs
 url.host.is_numeric=yes url.path.substring="servicebus/webstream" request.icap_service(no)

For more information, see the knowledge base article: Article ID: 173392

To exclude streams
 url.domain=stream.example.com request.icap_service(no) response.icap_service(no)
 url.domain=clientstream.example.com request.icap_service(no) response.icap_service(no)

Monitor Long-Running Streams
Additional long-running streams might need to be excluded. Use event log messages to monitor these streams. No
additional configuration is required to display the long-running streams information.
Messages for long-running streams have the following format:
ICAP long scanning reqmod transaction for url using service_name for N seconds and M bytes
ICAP long scanning reqmod transaction finished for url using service_name for N seconds and M bytes

• url is the URL of the long-running stream
• N is the number of seconds since the start of the ICAP transaction.
• M is how many bytes sent to ICAP service before the transaction is assumed to be a long running transaction.

See the following example:
2020-03-06 21:29:23-00:00UTC "ICAP long scanning reqmod transaction for using cas1
 after 60 seconds and 1684703331 bytes" 0 3D0003:96 opp_action.cpp:822
2020-03-06 21:29:44-00:00UTC "ICAP long scanning reqmod transaction finished for
 using cas1 after 81 seconds and 2274059168 bytes" 0 3D0003:96 opp_action.cpp:822