cancel
Showing results for 
Search instead for 
Did you mean: 
bdoyle
Level 7

ICAP Server - Not closing connection

Jump to solution

Hi All.

We have a webgateway v 7.1.0.7 running as an ICAP server. It appears to be running ok, and receives any ICAP traffice sent to it, and responds when a threat is detected. However, the webgateway does not appear to be closing the connection after it has sent its response back to the ICAP client, which results in it taking approx 70 seconds to process a file (as it times out and then goes onto the next file). Is there a way to configure the response header or a rue on the webgateway that will close the connection from the ICAP client to the ICAP server (ie the webgateway) after sending its response?

The screen-shot below is the current ruleset we have in place. The server is being used to scan the ICAP traffice for any threats.

ICAP Ruleset.jpg

Thanks,

Brian

Message was edited by: bdoyle on 17/05/12 11:27:08 CDT
0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: ICAP Server - Not closing connection

Jump to solution

Yes, the client is generally responsible for terminating the connection.

For example, if this were a heavily trafficed ICAP server, each client could maintain it's own pool of connections and re-use them without the TCP overhead of another connection. If the ICAP server terminated the TCP session after every scan, it would cause a serious bottleneck.

I don't know your identity or if I have ever spoken to you in real life, but did I ever give you my Java ICAP client? I use it in tomcat to scan uploaded files to an apache web server. It's very simple and not the best coding, but it's at least functional.

I have it posted here:

https://scan.lordchariot.com

There is a link to the java .war file that has source code in it if you uzip the file.

https://scan.lordchariot.com/ICAPScanner.war

0 Kudos
4 Replies
eelsasser
Level 15

Re: ICAP Server - Not closing connection

Jump to solution

What ICAP client are you using? A custom written one?

The ICAP client controls the connection, not the server.

The client needs to know when all the bytes have been received it knows to continue with it's processing.

This is done so the client can use persistent connections without having to consume a limited number of connections.

Message was edited by: eelsasser on 5/17/12 1:31:59 PM EDT
0 Kudos
bdoyle
Level 7

Re: ICAP Server - Not closing connection

Jump to solution

Yes, it is a custom written ICAP client which has been built in java. So, am I correct in saying we need to have out client disconnect once it has received a response from the server?

0 Kudos
eelsasser
Level 15

Re: ICAP Server - Not closing connection

Jump to solution

Yes, the client is generally responsible for terminating the connection.

For example, if this were a heavily trafficed ICAP server, each client could maintain it's own pool of connections and re-use them without the TCP overhead of another connection. If the ICAP server terminated the TCP session after every scan, it would cause a serious bottleneck.

I don't know your identity or if I have ever spoken to you in real life, but did I ever give you my Java ICAP client? I use it in tomcat to scan uploaded files to an apache web server. It's very simple and not the best coding, but it's at least functional.

I have it posted here:

https://scan.lordchariot.com

There is a link to the java .war file that has source code in it if you uzip the file.

https://scan.lordchariot.com/ICAPScanner.war

0 Kudos
bdoyle
Level 7

Re: ICAP Server - Not closing connection

Jump to solution

Hey,

no, never spoke to you before. Thats perfect, we will work on getting the ICAP client to clost the connection for us. Thanks!

-Brian

0 Kudos