how to use Icap solution

In 10.2.0, ASM supports checking attachments against an ICAP service:

 

 

It is now safe to enable File Upload

 

http://devcentral.f5.com/weblogs/macvittie/archive/2010/08/27/f5-friday-it-is-now-safe-to-enable-file-upload.aspx

 

 

 

http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/config_guide_asm_10_2_0/asm_sys_mgmt.html1037564

 

 

Configuring external anti-virus protection

 

You can configure the Application Security Manager to connect with an Internet Content Adaptation Protocol (ICAP) server to check requests for viruses. If the Virus Detected violation is enabled for that web applications security policy, the system sends requests with file uploads to an external ICAP server for inspection. The ICAP server examines the requests for viruses and, if the ICAP server detects a virus, it notifies the Application Security Manager, which then issues the Virus Detected violation.

 

 

 

Aaron

 

 

Maybe this is a new topic, but it has to do with ICAP on OWA. But it is 'reverse'. It is not to check information coming into the server, but it is to inspect the information being sent out from the OWA server, through the F5, and to the user.

 

 

We need to protect what information is allowed to be viewed by a user who is using OWA remotely to look at their email.

 

 

To do this, we want to route any attachment that they want to read (open) to a ICAP server to determine if it violates policy.

 

We would also like to send the HTML pages as well as the text of the email could certainly contain protected information.

 

 

Can the ASM be set to use ICAP on 'reverse' traffic --- that is traffic going from the server TO the client?!

 

thanks!

 

Me again.. Does silence mean F5 ASM cannot do this?

is this relevant?

 

 

Manual Chapter: Configuring Content Adaptation for HTTP Requests and Responses

 

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-4-0/13.html