I'm looking for the best configuration for logs information considering that my mwg is working as an ICAP Server. I have a squid doing the proxy function (icap client).
Besides that, is there any problem, with regard to logs, if mwg works in both reqmode and respmode?
Thanks in advance,
What version are you running?
When using MWG 6, you may need to check the boxes for REQMOD/RESPMOD, instead of Proxy gateway (see below):
In MWG 7, there shouldnt be anything you should need to do.
In terms of log file structure, I typically recommend the following format on MWG 6:
src_ip - "auth_user" time_stamp"req_line" status_code bytes_to_client "referer""user_agent" "attribute" block_res "media_type""profile" elapsed_time "virus_name" "categories"
In MWG 7, there shouldnt be anything you should need to do to the log format either.
Let me know if this helps,
Thank you Jon.
Your answer helps me. I'm using MWG 7.2.
Would you help me once more? There is an option called "bypass RESPmod for responses that must not contain a body" in Configuration > Appliances > nameofappliance > Proxies (HTTP(S), FTP, ICAP and IM), at the bottom of the page in Advanced Settings. What this option really does? In what circunstances?
I'm not sure exactly, but here's what I think it does.
Sometimes a response code is defined by the RFC to never include body data int he response.
204 No Content
The 204 response MUST NOT include a message-body, and thus is always terminated by the first empty line after the header fields.
There are some applications that abuse the HTTP protocol and violate the RFC.
If MWG enforces strict RFC compliance, then it will break some applications.
In order to allow some of these violations we have to bypass this condition.
That's my best guess.