Crafting Policy on Edge SWG (ProxySG) Using X-Apparent-Data-Types Header in ICAP.

Article ID: 262382

Products

ISG Proxy, ProxySG Software - SGOS, Advanced Secure Gateway Software - ASG, ISG Content Analysis, Content Analysis Software

Issue/Introduction

Configuring Edge SWG to take action on File Types utilizing ICAP Apparent Data Type Headers

Resolution

When CAS detects an apparent file type (such as an MSI file), it returns this information in the X-Apparent-Data-Types header of the ICAP response sent back to the Edge SWG.

You can configure the Edge SWG to read this header and take action on the transaction accordingly.



Configuration Steps:

  1. On the ProxySG, navigate to or create a new Web Access Layer and create a new rule.

  2. In the Destination field, select ICAP RESPMOD Header Object.

  3. Set the Header Name to exactly X-Apparent-Data-Types.

  4. Set the Header Regex to the target file type (for example, MSI).

  5. Set the Action for this rule to Deny (or your preferred action).

  6. Install Policy to apply the changes.

Additional Information

Tip: Identifying the Correct Apparent Data Type String

If you are unsure of the exact file type string to use in your Edge SWG rule, you can find it using the CAS built-in test utility:

  1. Log in to the CAS GUI.

  2. Navigate to Utilities > Test.

  3. Choose Select and Scan Test File and upload a sample of the file.

  4. Review the scan Response. The exact value to use in your regex will be displayed next to the X-Apparent-Data-Types header.
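An offline way to check a candidate Header Regex against the value shown by the CAS test utility before installing policy, as an added example that is not from the original article or from Broadcom. It uses Python's `re.search` as a stand-in for the appliance's regex matching (an assumption); the ICAP response, the `MSIX` value and all helper names are constructed for illustration.

```python
import re

def build_response(data_type=None):
    """Build a constructed ICAP RESPMOD response head (RFC 3507 layout)."""
    lines = ["ICAP/1.0 200 OK", 'ISTag: "constructed-sample"']
    if data_type is not None:
        lines.append(f"X-Apparent-Data-Types: {data_type}")
    lines.append("Encapsulated: res-hdr=0, res-body=120")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def icap_headers(raw):
    """Return ICAP headers (block before the first blank line), names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *fields = head.split("\r\n")
    if not status.startswith("ICAP/"):
        raise ValueError("not an ICAP response")
    headers = {}
    for field in fields:
        name, sep, value = field.partition(":")
        if sep:  # ignore lines without a colon
            headers[name.strip().lower()] = value.strip()
    return headers

def rule_matches(raw, header_regex, header_name="X-Apparent-Data-Types"):
    """True when the named ICAP header is present and the regex finds a match in it."""
    value = icap_headers(raw).get(header_name.lower())
    if value is None:
        return False  # no header (e.g. object not scanned): rule does not fire
    return re.search(header_regex, value) is not None

def report(patterns, data_types):
    """Map (pattern, data type) -> match result for side-by-side comparison."""
    return {(p, d): rule_matches(build_response(d), p)
            for p in patterns for d in data_types}

if __name__ == "__main__":
    # "MSI" is the page's example; "MSIX" and None (header absent) are constructed cases.
    for (pattern, dtype), hit in report(["MSI", r"^MSI$"], ["MSI", "MSIX", None]).items():
        print(f"regex={pattern!r:10} header={dtype!r:8} -> {'match' if hit else 'no match'}")
```

Under these assumptions an unanchored pattern also matches longer type strings that contain it, and a response without the header never triggers the rule, so confirm both cases with the CAS test utility output for the file types you care about.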