ICAP
The Internet Content Adaptation Protocol (ICAP) is a lightweight HTTP-like protocol (request and response protocol), which is used to extend transparent proxy servers. This frees up resources and standardizes the way in which new features are implemented. ICAP is usually used to implement virus scanning and content filters in transparent HTTP proxy caches.
The ICAP allows ICAP Clients to pass HTTP / HTTPS messages to ICAP Servers for content adaptation. The ICAP Server
The ICAP Server functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Client requests, send the files for inspection, and return the verdict. executes its transformation service on these HTTP / HTTPS messages and sends responses to the ICAP Client The ICAP Client functionality in your Security Gateway or Cluster (in versions R80.40 and higher) enables it to interact with an ICAP Server responses (see RFC 3507), modify their content, and block the matched HTTP connections., usually with modified HTTP / HTTPS messages. The adapted HTTP / HTTPS messages can be HTTP / HTTPS requests, or HTTP / HTTPS responses.
ICAP is a request and response protocol that is equivalent in semantics and usage to HTTP/1.1 protocol. Despite the similarity, ICAP is neither HTTP / HTTPS , nor an application protocol that runs over HTTP / HTTPS.
ICAP is an RFC protocol, which lets devices from different vendors communicate. ICAP is specified in RFC 3507 (for more information, see (ICAP Specification). In addition, see the Draft RFC - ICAP Extensions.
ICAP packet structure
The ICAP message is encapsulated into the TCP.
ICAP methods
|
Method |
Description |
|---|---|
|
REQMOD |
Client Request Modification. The ICAP Client uses this method for an HTTP / HTTPS request modification. |
|
RESPMOD |
Server Response Modification. The ICAP Client uses this method for an HTTP / HTTPS response modification. |
|
OPTIONS |
The ICAP Client uses this method to retrieve configuration information from the ICAP Server. |
ICAP response codes
These are the ICAP response codes that are different from their HTTP counterparts:
|
Category |
Code |
Description |
|---|---|---|
|
1yz Informational codes |
100 |
Continue after ICAP preview. |
|
2yz Success codes |
204 |
No Content. No modification is required. |
|
|
206 |
Partial Content. |
|
4yz Client error codes |
400 |
Bad request. |
|
|
404 |
ICAP Service not found. |
|
|
405 |
Method not allowed for service (for example, RESPMOD requested for service that supports only REQMOD). |
|
|
408 |
Request timeout. ICAP Server timed out waiting for a request from an ICAP Client. |
|
|
418 |
Bad composition. ICAP Server needs encapsulated sections different from those in the request. |
|
5yz Server error codes |
500 |
Server error. Error on the ICAP Server, such as "out of disk space". |
|
|
501 |
Method not implemented. This response is illegal for an OPTIONS request as implementation of OPTIONS is mandatory. |
|
|
502 |
Bad Gateway. This is an ICAP proxy error. |
|
|
503 |
Service overloaded. The ICAP server exceeded a maximum connection limit associated with this service. The ICAP Client should not exceed this limit in the future. |
|
|
505 |
ICAP version is not supported by server. |
You can configure Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. as:
-
ICAP Client - To send the HTTP / HTTPS messages to ICAP Servers for content adaptation.
-
ICAP Server - To perform content adaptation in the HTTP / HTTPS messages received from ICAP Clients.
-
Both ICAP Client and ICAP Server at the same time.
Check Point Security Gateway configured for ICAP can work with third party ICAP devices without changing the network topology.