cancel
Showing results for 
Search instead for 
Did you mean: 
numark
Level 7

ICAP Example Help

Jump to solution

Hello,

I am looking for some help setting up a new ICAP client that will send file requests to MWG.

RESPMOD icap://10.x.x.x/avscan ICAP/1.0

Host: 10.x.x.x

User-Agent: IT-Kartellet ICAP Client/1.1

Allow: 204

Preview: 30

Encapsulated: req-hdr=0, res-hdr=1, res-body=22

I am trying to figure out what sets the res-hdr and res-body number. Currently I have these statically assigned but I feel like we should some how have these dynamically generated based on the file we are processing.

Any help is appreciated! Thank you!

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: ICAP Example Help

Jump to solution

An ICAP request consists of a few sections:

The ICAP Request itself, with various Headers. This would look like this:

RESPMOD icap://192.168.2.231:1344/RESPMOD ICAP/1.0\r\n

Allow: 204\r\n

Connection: close\r\n

Host: 192.168.2.231\r\n

X-Client-IP: 192.168.1.2\r\n

Encapsulated: req-hdr=0, res-hdr=84, res-body=150\r\n

\r\n

The Encapsulated Request Header. This is supposed to represent an HTTP request.

GET /testfile.zip HTTP/1.1\r\n

Host: 192.168.1.2\r\n

\r\n

The Encapsulated response header.

HTTP/1.1 200 OK\r\n

Transfer-Encoding: chunked\r\n

Content-Length: 0\r\n

\r\n

And the Response body, which is where the file is and it's usually chunked binary.

211\r\n

...........\r\n

(529 bytes of binary data sent)\r\n

...........\r\n

0\r\n

\r\n

req-hdr=0 means the "GET /eicar.com HTTP/1.1"   starts at 0 bytes right after the ICAP header.

res-hdr=84 means the HTTP/1.1 200 OK starts at 84 bytes after the ICAP header.

res-body=150 means the Response body starts at 150 bytes after the ICAP header.

Does that help?

I attached an ICAP client PERL script that _might_ make it easier to follow.

0 Kudos
2 Replies
eelsasser
Level 15

Re: ICAP Example Help

Jump to solution

An ICAP request consists of a few sections:

The ICAP Request itself, with various Headers. This would look like this:

RESPMOD icap://192.168.2.231:1344/RESPMOD ICAP/1.0\r\n

Allow: 204\r\n

Connection: close\r\n

Host: 192.168.2.231\r\n

X-Client-IP: 192.168.1.2\r\n

Encapsulated: req-hdr=0, res-hdr=84, res-body=150\r\n

\r\n

The Encapsulated Request Header. This is supposed to represent an HTTP request.

GET /testfile.zip HTTP/1.1\r\n

Host: 192.168.1.2\r\n

\r\n

The Encapsulated response header.

HTTP/1.1 200 OK\r\n

Transfer-Encoding: chunked\r\n

Content-Length: 0\r\n

\r\n

And the Response body, which is where the file is and it's usually chunked binary.

211\r\n

...........\r\n

(529 bytes of binary data sent)\r\n

...........\r\n

0\r\n

\r\n

req-hdr=0 means the "GET /eicar.com HTTP/1.1"   starts at 0 bytes right after the ICAP header.

res-hdr=84 means the HTTP/1.1 200 OK starts at 84 bytes after the ICAP header.

res-body=150 means the Response body starts at 150 bytes after the ICAP header.

Does that help?

I attached an ICAP client PERL script that _might_ make it easier to follow.

0 Kudos
numark
Level 7

Re: ICAP Example Help

Jump to solution

Thanks Erik for your quick reply. This information has been extremely helpful for me.

Thank you!

0 Kudos