That is correct. If you wish to used Prevent for response modification as well, you just replace /respmod for the /reqmod on the URI.
Hope this helps.
It looks like the whole 9.2 Web Prevent appliance is having issues so it wasn't the ICAP string that was the issue.
hileman8, any issues to watch out for? (New 9.2 Prevent user here).
I don't have any tips because the 9.2 Web Prevent appliances are not stable. This might just be mine but I am working with support on this issue will update you with the findings.