Example of the ICAP Client Configuration File

This is an example configuration file $FWDIR/conf/icap_client_blade_configuration.C:

    :enabled ("true")

    :filter_http_method (

: (

                :method ("GET")

: (

                :method ("PUT")

: (

                :method ("POST")

    :http_services (

: (

                :port (8080)

: (

                :port (8443)

    :inspect_html_response ("false")

    :trickling_mode (0)

    :user_check_interaction_name ("Blocked Message - Access Control")

    :log_level (2)

    :icap_servers (

: (

                :name ("icap_server_1")

                :ip ("10.1.0.20")

                :ip6 ("2001:db8:6:f101::15")

                :port (1344)

                :service ("echo")

                :proto ("icap")

                :modification_mode ("both")

                :transp ("3rd_cpas")

                :failmode (open)

                :timeout (60)

                :max_conns (50)

                :user_check_action (1)

                :x_headers (

                    :x_client_ip ("false")

                    :x_server_ip ("false")

                    :x_authenticated_user ("false")

                    :authentication_source ("Local")

                    :base64_username_encode ("true")

: (

                :name ("icap_server_2")

                :ip ("10.1.0.30")

                :ip6 ("2001:db8:6:f101::16")

                :port (1344)

                :service ("echo")

                :proto ("icap")

                :modification_mode ("respmod")

                :transp ("3rd_cpas")

                :failmode (close)

                :timeout (120)

                :max_conns (250)

                :user_check_action (2)

                :x_headers (

                    :x_client_ip ("true")

                    :x_server_ip ("true")

                    :x_authenticated_user ("true")

                    :authentication_source ("WinNT")

    :rules_type ("include")

    :network_filter_rules_ip4 (

: (

                :src_ip_ranges (

: (

                        :min_ip ("10.0.0.6")

                        :max_ip ("10.0.0.10")

: (

                        :min_ip ("10.0.0.100")

                        :max_ip ("10.0.0.150")

                :dst_ip_ranges (

: (

                        :min_ip ("10.1.0.1")

                        :max_ip ("10.1.255.255")

: (

                :src_ip_ranges (

: (

                        :min_ip ("10.0.0.21")

                        :max_ip ("10.0.0.24")

                :dst_ip_ranges (

: (

                        :min_ip ("any")

                        :max_ip ("any")

    :network_filter_rules_ip6 (

: (

                :src_ip_ranges (

: (

                        :min_ip ("2001:db8:5:f101::11")

                        :max_ip ("2001:db8:5:f101::15")

                :dst_ip_ranges (

: (

                        :min_ip ("2001:db8:6:f101::1")

                        :max_ip ("2001:db8:6:f101::20")

Clarification about the rules in the example above: