ICAP Options used by DLP Web Prevent when sync'd with Proxy

Article ID: 406463


Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

When collecting ICAP settings in the Proxy Console for the linked DLP Network Prevent for Web host, what options should be returned?

In the Proxy Console, navigate to Configuration > Content Analysis > ICAP > Analysis view > Select one of the Icap Services (DLP server) > Icap Options > select "Sense Settings".


Environment

Symantec Data Loss Prevention Network Prevent for Web 16.x
BlueCoat Proxy

Resolution

DLP Network Prevent for Web uses the Authenticated User and Client Address options.

Additional Information

A successful Wireshark capture (pcap) taken on the DLP Web Prevent server shows the following X-Include result, in the X-Include line of the 200 OK response, when "Sense Settings" is triggered:

OPTIONS icap://<server>/reqmod ICAP/1.0
Host: <hostname>
X-Client-Abandon-Supported: 1
X-ISTag-Version: 2
X-Scan-Progress-Interval: 10
Encapsulated: null-body=0

ICAP/1.0 200 OK
ISTag: "Vontu16.0"
Methods: REQMOD
Options-TTL: 3600
Preview: 4096
Transfer-Preview: *
Allow: 204
X-Include: X-Client-IP, X-Authenticated-User
Encapsulated: null-body=0
Max-Connections: 128
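
To check a captured OPTIONS response against the expected X-Include values without reading the pcap by eye, the following added example (not part of the original article or any Symantec tooling) parses the response text and reports which expected headers are missing. The function names are hypothetical, and the sample input is the response shown above, re-typed with CRLF line endings.

```python
# Added example (not from the article): verify which request headers an ICAP
# server asks for in the X-Include line of its OPTIONS response.
EXPECTED = ("X-Client-IP", "X-Authenticated-User")  # names from the capture above

# The OPTIONS response shown on this page, re-typed with CRLF line endings.
SAMPLE_RESPONSE = "\r\n".join([
    'ICAP/1.0 200 OK',
    'ISTag: "Vontu16.0"',
    'Methods: REQMOD',
    'Options-TTL: 3600',
    'Preview: 4096',
    'Transfer-Preview: *',
    'Allow: 204',
    'X-Include: X-Client-IP, X-Authenticated-User',
    'Encapsulated: null-body=0',
    'Max-Connections: 128',
    '', '',
])

def parse_icap_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    text = raw.replace("\r\n", "\n")  # also accept captures pasted with bare LF
    lines = text.split("\n\n", 1)[0].split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def missing_x_include(raw, expected=EXPECTED):
    """Return the expected header names absent from X-Include ([] means OK)."""
    status, headers = parse_icap_response(raw)
    if status != 200:
        raise ValueError("OPTIONS request failed with ICAP status %d" % status)
    advertised = {h.strip().lower() for h in headers.get("x-include", "").split(",")}
    return [name for name in expected if name.lower() not in advertised]

if __name__ == "__main__":
    gaps = missing_x_include(SAMPLE_RESPONSE)
    print("X-Include OK" if not gaps else "X-Include is missing: " + ", ".join(gaps))
```

An empty result means the server advertises both values named in the Resolution; a non-empty list names the values the proxy will not be asked to send.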