Forum Discussion
Nikoolayy1
MVP
MVPIs it possible to insert HTTP payload in an ICAP reply or to change the status code?
Hello,
I see that some implementations of ICAP may by mistake not return an HTTP payload to the F5 Internal Virtual server but they have ICAP headers that a virus has been detected.
For n...
JRahm
Admin
AdminNot an area of expertise for me, and after looking at all the ADAPT, ICAP, and IVS events/commands, my head is spinning... 😫😫
Will need to (eventually) mock up a scenario so I can better understand the iRules entry points around the workflow, which is better known to me as described in this lightboard lesson. It looks like TCP commands are allowed in ICAP events, so you could try a TCP::collect (not sure this specific action is allowed) and then modify in SERVER_DATA if it is...but again, never tried that and I haven't done anything outside of concepts with this.
Nikoolayy1MVP
MVPMaybe with TCP::collect could trigger the ADAPT response if I insert HTTP in the ICAP reply at the TCP level. Not a bad idea.
- JRahm
let me know how that goes!
- Nikoolayy1
Finally got some time to review this as if it is possible and seems not.
On the internal VS that connects to the ICAP server I tried to use TCP::respond and just it does not work in any event even CLIENT_ACCEPTED or SERVER_CONNECTED. The only way is to use the HTTP headers and the event ADAPT_REQUEST_HEADERS on the F5 standard VS.
when CLIENT_ACCEPTED {
set html_message "Access Denied"
TCP::respond "HTTP/1.1 405 Not Allowed Mime-Type: text/html\r\nCache-Control: no-cache,no-store\r\nConnection: close\r\nContent-Length: [string length $html_message]\r\n\r\n$html_message\r\n\r\n"
}
Well, dang. Are you trying other methods/paths, or giving up on this?
