Forum Discussion
ASM ICAP for AV Scanning
Hi All,
So i'm looking at AV scanning using ASM's ICAP interface.
Now i've found this https://support.f5.com/csp/article/K70941653 and https://community.mcafee.com/t5/Web-Gateway/ICAP-Server/td-p/390787 identifiying different headers that the ICAP Server can put in the response back to the f5.
So namely X-Infection-Found, X-Virus-Name, X-Virus-ID, X-Violations-Found
What i can't seem to find is what the f5 is expecting back as part of those headers and how it reacts to them.
From the mcafee example (and i know its only an example!) I could send back other headers potentially with other useful information but how do i get ASM/AWAF to respond and act to this information?
From the f5 kb, its almost a if header exists act, or id header is not null then block.
Is that correct? is there a list of headers the f5 is looking for?
Is this detailed anywhere please?
Indeed, F5 BIG-IP reacts according to the information present with the ICAP response header extensions. You will find all the headers and their descriptions/examples in the following RFC .
source : http://www.icap-forum.org
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com