Internet Content Adaptation Protocol

The Internet Content Adaptation Protocol (ICAP) is designed to offload the processing of Internet-based content to dedicated servers. ICAP helps free up resources and standardize how features are implemented. ICAP is a lightweight protocol for executing a remote procedure call on HTTP messages. It allows ICAP clients to pass HTTP messages to ICAP servers. Enterprise Application Access (EAA) allows administrators to do service chaining with existing, co-located security appliances that support ICAP protocol for further processing of files being sent to and from end users. Examples of ICAP servers includes enterprise antivirus appliance, IPS/IDS service, and others.

The ICAP configuration fields are:

  • Service Name: Enter a descriptive name for the service.
  • Host: Enter the host or IP address of the co-located ICAP server to leverage with the EAA cloud service. This field is optional.
  • Port: Enter the port number used by the ICAP server. The default entry is 1344.
  • Health Check: To turn health checks on the ICAP server off, select OFF from the menu. To turn health checks for the ICAP server on, select either the ICAP protocol or TCP protocol. If you select TCP, health checks are performed using a TCP-only protocol.
  • HTTP methods: Depending on the application the HTTP method may determine the directionality of the file transfer. For example, a POST may correspond to a file upload and a GET may correspond to the file download. Select the methods to specify the direction for file transfers to forward to the ICAP server for further processing. By default POST is selected.
  • Secure ICAP: Select this option to use the secure version of the ICAP protocol with the EAA connector. This is optional.
  • Max File Size: Enter the maximum file size, in megabytes, that should be sent to the ICAP server for processing. By default, this is set to 500MB.
  • Exceeds Max File Size: If the file exceeds the maximum file size, select either Deny to reject the file transfer or Ignore to forward the transfer request to the application server without any further processing. By default, this is set to Deny.

To configure ICAP for an application, see Configure lCAP for an application.