ICAP inspection with SWG for HTTP and HTTPS
- Jun 24, 2015
I've found that the HTTP VS generally never receives any traffic when using the explicit proxy, probably because most clients don't use the HTTP CONNECT method for unencrypted requests, meaning that the HTTP proxy won't be triggered and the traffic will just be forwarded out the default route on your BIG-IP.
I ran into this issue when trying to enable AAM on the proxy_vs, and worked around it using this iRule:
when HTTP_PROXY_REQUEST {
    # traffic passed through to the HTTPS VS where web acceleration is enabled
    WAM::disable
}
when HTTP_REQUEST {
    # web acceleration enabled non-proxy HTTP requests
    WAM::enable
}
I don't know if there's an equivalent command to enable/disable ICAP.
Thank you! The equivalent is ADAPT::enable. I had to add some more logic to disable content adaptation only for CONNECT, as those go to the HTTPS VS where content adaptation is enabled:
when HTTP_PROXY_REQUEST {
    if {[HTTP::method] eq "CONNECT"} {
        ADAPT::enable false
    } else {
        ADAPT::enable true
    }
}
when HTTP_REQUEST {
    if {[HTTP::method] eq "CONNECT"} {
        ADAPT::enable false
    } else {
        ADAPT::enable true
    }
}
Hi again,
We were able to test this scenario.
When we put the Request Adapt profile and iRule in the catch_443, we can now see the HTTPS traffic in the Symantec DLP; however, the mail sites (which are only allowed in the URL Filtering) cannot be accessed.
When we tried to remove the Request Adapt profile, the iRule should be removed also, but mail sites will be accessible.
Any idea what can be the reason for this scenario? Thank you.