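This is an example of the configuration file $FWDIR/conf/icap_client_blade_configuration.C. Note that the two ICAP servers in it use different fail modes: icap_server_1 has :failmode (open) and icap_server_2 has :failmode (close). With a fail-open server, traffic is allowed through without ICAP inspection when that server cannot be reached, so choose the fail mode deliberately for each server.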
( :enabled ("true") :filter_http_method ( : ( :method ("GET") ) : ( :method ("PUT") ) : ( :method ("POST") ) ) :http_services ( : ( :port (8080) ) : ( :port (8443) ) ) :inspect_html_response ("false") :trickling_mode (0) :user_check_interaction_name ("Blocked Message - Access Control") :log_level (2) :icap_servers ( : ( :name ("icap_server_1") :ip ("10.1.0.20") :ip6 ("2001:db8:6:f101::15") :port (1344) :service ("echo") :proto ("icap") :modification_mode ("both") :transp ("3rd_cpas") :failmode (open) :timeout (60) :max_conns (50) :user_check_action (1) :x_headers ( :x_client_ip ("false") :x_server_ip ("false") :x_authenticated_user ("false") :authentication_source ("Local") :base64_username_encode ("true") ) ) : ( :name ("icap_server_2") :ip ("10.1.0.30") :ip6 ("2001:db8:6:f101::16") :port (1344) :service ("echo") :proto ("icap") :modification_mode ("respmod") :transp ("3rd_cpas") :failmode (close) :timeout (120) :max_conns (250) :user_check_action (2) :x_headers ( :x_client_ip ("true") :x_server_ip ("true") :x_authenticated_user ("true") :authentication_source ("WinNT")
) ) ) :rules_type ("include") :network_filter_rules_ip4 ( : ( :src_ip_ranges ( : ( :min_ip ("10.0.0.6") :max_ip ("10.0.0.10") ) : ( :min_ip ("10.0.0.100") :max_ip ("10.0.0.150") ) ) :dst_ip_ranges ( : ( :min_ip ("10.1.0.1") :max_ip ("10.1.255.255") ) ) ) : ( :src_ip_ranges ( : ( :min_ip ("10.0.0.21") :max_ip ("10.0.0.24") ) ) :dst_ip_ranges ( : ( :min_ip ("any") :max_ip ("any") ) ) ) ) :network_filter_rules_ip6 ( : ( :src_ip_ranges ( : ( :min_ip ("2001:db8:5:f101::11") :max_ip ("2001:db8:5:f101::15") ) ) :dst_ip_ranges ( : ( :min_ip ("2001:db8:6:f101::1") :max_ip ("2001:db8:6:f101::20") ) ) ) ) ) |
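Clarification about the rules in the example above. Because :rules_type is "include", only traffic that matches one of these rules is sent to the ICAP servers; traffic that matches no rule is not sent for ICAP inspection.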
Traffic matches if it matches [:network_filter_rules_ip4 ()] OR [:network_filter_rules_ip6 ()].
:network_filter_rules_ip4 (): within each rule, traffic must match [:src_ip_ranges ()] AND [:dst_ip_ranges ()]
All traffic that arrives from IPv4 (10.0.0.6 OR 10.0.0.7 ... OR 10.0.0.10)
AND destined to IPv4 (10.1.0.1 OR 10.1.0.2 ... OR 10.1.255.255)
All traffic that arrives from IPv4 (10.0.0.100 OR 10.0.0.101 ... OR 10.0.0.150)
AND destined to IPv4 (10.1.0.1 OR 10.1.0.2 ... OR 10.1.255.255)
All traffic that arrives from IPv4 (10.0.0.21 OR 10.0.0.22 ... OR 10.0.0.24)
AND destined to any IPv4 address
:network_filter_rules_ip6 (): within each rule, traffic must match [:src_ip_ranges ()] AND [:dst_ip_ranges ()]
All traffic that arrives from IPv6 (2001:db8:5:f101::11 OR 2001:db8:5:f101::12 ... OR 2001:db8:5:f101::15)
AND destined to IPv6 (2001:db8:6:f101::1 OR 2001:db8:6:f101::2 ... OR 2001:db8:6:f101::20)