MWG ICAP Request Header Size Limit?

Apparently, KB73397, Network Data Loss Prevention ICAP Header limitation, states that there's "a total size limit of 16K" for ICAP request headers.

Does MWG limit the ICAP request header size that it sends to this product?  If so, what's the limit, and can it be adjusted?

Or is that KB article just saying that it will ignore any excess?

Statistics show that URLs are approaching a megabyte in size (oddly enough, Yahoo's video service is top of the list for this, and it's because of performance statistics in URL parameters).

We have performance issues, and consequently, reliability issues with that DLP ICAP product, and we'd rather not send excess data to it.  If we can discard any unusable data before we send the ICAP request, that might help some of our issues.

KB73397

1 Solution

Accepted Solutions
McAfee Employee jscholte
Message 2 of 11

Re: MWG ICAP Request Header Size Limit?

Hi John,

MWG does not strip large headers before sending to any ICAP server. The MWG itself actually accepts up to a 10MB header.

More likely what will help your situation is limiting the types of requests that get sent over to DLP. The default ruleset for example will send all GET requests which have a parameter. In some cases the DLP server only cares about the POST and PUTs, so sending GETs may be a part of the problem.

Best Regards,

Jon

10 Replies
hazwan
Level 8
Message 3 of 11

Re: MWG ICAP Request Header Size Limit?

Hi John,

How do we set this up if we want MWG to send POST? We want to integrate with Forcepoint DLP, and their support said they only receive HTTP POST. So, while sending to their DLP, we have encountered the error "ICAPBADRESPONSE 500 from dlp server" in mwg-core errors.

Regards,

HZ

McAfee Employee jscholte
Message 4 of 11

Re: MWG ICAP Request Header Size Limit?

Hi John,

In your ICAP rules, you can create a rule similar to the following:

Name: Don't send GET requests

Criteria: Command.Name equals GET

Action: Stop Ruleset

Place this at the top of your ICAP rules and this will stop GETs from being sent over to DLP.

Best Regards,

Jon
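
The method pre-filter above, combined with the 16K limit from the original question, modelled as an added Python example (not from this thread and not MWG's rule engine). It builds the header portion of an ICAP REQMOD request as laid out in RFC 3507 and measures it; the host `dlp.example.test`, the service name `reqmod`, and reading "16K" as 16 KiB across the ICAP header plus the encapsulated HTTP request header are assumptions.

```python
# Added example (not MWG code): size an ICAP REQMOD request per RFC 3507.
LIMIT = 16 * 1024  # assumption: the KB's "16K" read as 16 KiB of total header bytes
SKIP_METHODS = {"GET", "HEAD", "CONNECT", "CERTVERIFY"}  # methods filtered in the thread

def build_reqmod(method, url, http_headers, has_body,
                 icap_host="dlp.example.test", service="reqmod"):  # hypothetical names
    """Return (icap_header, encapsulated_http_request_header) as bytes."""
    lines = [f"{method} {url} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in http_headers.items()]
    req_hdr = ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")
    # Encapsulated offsets count from the start of the encapsulated section,
    # so the body (or null-body) marker sits right after the HTTP request header.
    body_part = "req-body" if has_body else "null-body"
    icap_hdr = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                f"Host: {icap_host}\r\n"
                f"Encapsulated: req-hdr=0, {body_part}={len(req_hdr)}\r\n"
                "\r\n").encode("latin-1")
    return icap_hdr, req_hdr

def triage(method, url, http_headers, has_body):
    """Model of a gateway-side decision: skip, send, or flag as oversize."""
    if method.upper() in SKIP_METHODS:
        return "skip", 0          # stopped before any ICAP request is built
    icap_hdr, req_hdr = build_reqmod(method, url, http_headers, has_body)
    total = len(icap_hdr) + len(req_hdr)
    return ("oversize" if total > LIMIT else "send"), total

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "/video?stats=" + "a" * 900_000, {"Host": "media.example.test"}, False),
    ("POST", "/upload", {"Host": "app.example.test"}, True),
    ("POST", "/beacon?perf=" + "b" * 20_000, {"Host": "app.example.test"}, True),
]

def run_samples():
    return [triage(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, (verdict, size) in zip(SAMPLES, run_samples()):
        print(f"{sample[0]:5} url_len={len(sample[1]):>7} -> {verdict:8} header_bytes={size}")
```

The third sample shows that the URL travels inside the encapsulated request header, so a POST with a long query string still exceeds the limit even when GETs are filtered out.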

Re: MWG ICAP Request Header Size Limit?

Oh, we already got one for both GETs and HEADs. And, following that is the one for CONNECTs and CERTVERIFYs.

We've also got one for Body.Size over 50MB and one for empty URL parameters (none of which is relevant to this issue).

McAfee Employee jscholte
Message 6 of 11

Re: MWG ICAP Request Header Size Limit?

Can you send a screenshot of it for good measure?

Not sure why you would need one for CONNECT and CERTVERIFY...

Re: MWG ICAP Request Header Size Limit?

Actually, I should wonder which is more efficient, checking for CONNECT and CERTVERIFY or simply checking for the absence of parameters.

McAfee Employee jscholte
Message 8 of 11

Re: MWG ICAP Request Header Size Limit?

Doing a string comparison like Command.Name has minimal to no performance impact. Though I suspect that "Skip requests that do not carry information" would catch the CONNECT or CERTVERIFY, which is why I've never seen that.

McAfee Employee jscholte
Message 9 of 11

Re: MWG ICAP Request Header Size Limit?

I just realized, I meant to address HK's concerns. He asked how to prevent GETs from being sent over to their DLP server.

Sorry John. Did your original question get answered about the 10MB limit?

Are you still seeing performance issues even with the GET exceptions?

Re: MWG ICAP Request Header Size Limit?

Your first answer was the essence of it.  Thank you. The rest is all workarounds, but it's worth throwing a few ideas around anyway.