Forum Discussion
Ivan_Blesa_2004
Nimbostratus
NimbostratusICAP inspection with SWG for HTTP and HTTPS
I have deployed SWG with the iApp provided in https://devcentral.f5.com/codeshare/f5-secure-web-gateway-iapp-template
I have added ICAP Request and Response inspection for HTTP and HTTPS. If I select...
I've found that the HTTP VS generally never receives any traffic when using the explicit proxy, probably because most clients don't use the HTTP CONNECT method for unencrypted requests. Meaning that the HTTP proxy won't be triggered and the traffic will just be forwarded out the default route on your BIG-IP.
I ran into this issue when trying to enable AAM on the proxy_vs, and worked around it using this iRule:
when HTTP_PROXY_REQUEST { traffic passed through to the HTTPS VS where web acceleration is enabled WAM::disable } when HTTP_REQUEST { web acceleration enabled non-proxy HTTP requests WAM::enable }I don't know if there's an equivalent command to enable/disable ICAP.
Ivan_Blesa_2004Nimbostratus
NimbostratusHi Michael,
I'm using Clearswift SECURE ICAP Gateway. It is a Data Loss Prevention ICAP server which apart from blocking/allowing policies, it can modify the traffic to suit with the security policy. But it also provides antivirus, URL filters and Web 2.0 policies. I'm testing different configurations. In a reverse proxy configuration, I'm only sending certain traffic to the Clearswift SIG as you mention. However, when F5 is working as a Secure Web Gateway, I want to send everything so that for outbound traffic URL filters are applied, outbound data is redacted/removed/blocked and Web 2.0 policies can be enforced. For incoming traffic, I want to remove active content from certain data types, run the antivirus, and apply any other content inspection policies (like blocking by true data type, malformed data types detection,...) to prevent incoming threats. Thanks!