Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

ASM ICAP for AV Scanning

Hi All,

So i'm looking at AV scanning using ASM's ICAP interface.

Now i've found this and identifiying different headers that the ICAP Server can put in the response back to the f5.

So namely X-Infection-Found, X-Virus-Name, X-Virus-ID, X-Violations-Found
What i can't seem to find is what the f5 is expecting back as part of those headers and how it reacts to them.
From the mcafee example (and i know its only an example!) I could send back other headers potentially with other useful information but how do i get ASM/AWAF to respond and act to this information?

From the f5 kb, its almost a if header exists act, or id header is not null then block.
Is that correct? is there a list of headers the f5 is looking for?

Is this detailed anywhere please?




Hi PSFletchTheTek ,

Indeed, F5 BIG-IP reacts according to the information present with the ICAP response header extensions. You will find all the headers and their descriptions/examples in the following RFC .

source :