3 Replies Latest reply on Dec 9, 2015 1:36 AM by ubezio

    How to submit a file with ICAP in REQMOD via HTTP POST

    ubezio

      I tried to submit a file (a Word file, .docx) to DLPe to check whether it contains sensitive data. I cannot figure out how to add the file as an attachment. Now I'm only able to put the bytes in the header. This is not useful because DLP does not decode the content (and probably the file cannot be longer than 14 KB: the max length of the header). To reach the point I submitted a multipart request, but it seems that this is not working properly. Is there a working example?

      Thanks for your attention.

        • 1. Re: How to submit a file with ICAP in REQMOD via HTTP POST
          ubezio

          ... just to be more clear, now if I send

           

          REQMOD icap://xxx.xxx.xxx.xxx/reqmod ICAP/1.0
          Host: xxx.xxx.xxx.xxx
          Encapsulated: req-hdr=0, req-body=150

          POST /read.txt HTTP/1.1
          Host: abcde.abcde.fg
          Accept: text/html, text/plain
          Accept-Encoding: compress
          Pragma: no-cache
          Transfer-Encoding: chunked

          1E
          some text here to send: abcdef
          0; ieof

           

          I receive the following answers, which are fine for this case (I have a rule on DLP that checks on the content). But there is no way to insert a real attachment.

          * This is the ICAP RESPONSE:

          ICAP/1.0 200 OK
          Date: Fri, 04 Dec 2015 09:08:09 GMT
          Server: McAfee ICAP Server/1.0
          Connection: keep-alive
          ISTag: "McAfee-xxxxxx-xxxx-xxxxxxx"
          Encapsulated: res-hdr=0, res-body=251

          * This is the HTTP RESPONSE:

          HTTP/1.1 403 Forbidden
          Date: Fri, 04 Dec 2015 09:08:09 GMT
          Via: ICAP/1.0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:1344
          Server: McAfee Prevent-8.5.1 (Stingray)
          Connection: close
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=iso-8859-1

          48C
          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
          <html>
          <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <meta http-equiv="Content-Style-Type" content="text/css">
            <title></title>
            <meta name="Generator" content="Cocoa HTML Writer">
            <meta name="CocoaVersion" content="824.41">
            <style type="text/css">
              p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 30.0px Helvetica}
              p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 30.0px Helvetica; min-height: 36.0px}
              p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Helvetica}
              p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 17.0px Helvetica; min-height: 20.0px}
              p.p5 {margin: 0.0px 0.0px 0.0px 0.0px; font: 15.0px Helvetica}
            </style>
          </head>
          <body>
          <p class="p1">Request Denied</p>
          <p class="p2"><br></p>
          <p class="p3">Access to this content/URL is prohibited. Please contact your System Administrator for details.</p>
          <p class="p4"><br></p>
          <p class="p3">This transaction has been logged for security reasons.</p>
          <p class="p4"><br></p>
          <p class="p5"><i>Generated by McAfee NetDLP, Content Scanning Service.</i></p>
          </body>
          </html>

          0

          • 2. Re: How to submit a file with ICAP in REQMOD via HTTP POST
            jhall2

            An easier method is to transfer the file to the /tmp directory on the DLP appliance and run this command from the CLI:

             

            classify filename.xxx

            • 3. Re: How to submit a file with ICAP in REQMOD via HTTP POST
              ubezio

              ... probably this works very well, but it is not really useful if you want an application-to-application integration ...
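
For the multipart question in the original post, the following is an added example (not code from the thread or from McAfee): it builds a REQMOD request that wraps an HTTP POST whose multipart/form-data body carries the file bytes, computes the Encapsulated offset from the encoded headers, and re-parses the result as a check before sending. The addresses, host name, upload path, form field name `file` and boundary are assumptions, and the thread does not confirm how the DLP server handles multipart bodies.

```python
CRLF = b"\r\n"

def multipart_body(filename, data, boundary):
    # One-part multipart/form-data body (RFC 7578) carrying the raw file bytes.
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode("ascii")
    return head + data + f"\r\n--{boundary}--\r\n".encode("ascii")

def chunked(body, size=4096):
    # ICAP always sends the encapsulated body chunked (RFC 3507, section 4.4.1).
    out = b""
    for i in range(0, len(body), size):
        piece = body[i:i + size]
        out += f"{len(piece):X}".encode() + CRLF + piece + CRLF
    return out + b"0" + CRLF + CRLF  # plain last chunk: no Preview, so no "ieof"

def build_reqmod(icap_host, service, http_host, path, filename, data, boundary):
    body = multipart_body(filename, data, boundary)
    http_hdr = (f"POST {path} HTTP/1.1\r\n"
                f"Host: {http_host}\r\n"
                f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
                f"Content-Length: {len(body)}\r\n\r\n").encode("ascii")
    # req-body = byte length of the HTTP header block, computed, never hand-typed.
    icap_hdr = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                f"Host: {icap_host}\r\n"
                f"Encapsulated: req-hdr=0, req-body={len(http_hdr)}\r\n\r\n").encode("ascii")
    return icap_hdr + http_hdr + chunked(body)

def split_reqmod(message):
    # Re-parse by the Encapsulated offset and de-chunk: a check to run before sending.
    icap_hdr, _, rest = message.partition(CRLF + CRLF)
    enc = next(l for l in icap_hdr.split(CRLF) if l.lower().startswith(b"encapsulated:"))
    offset = int(enc.rsplit(b"req-body=", 1)[1])
    http_hdr, stream, body = rest[:offset], rest[offset:], b""
    while True:
        line, _, stream = stream.partition(CRLF)
        n = int(line.split(b";")[0], 16)
        if n == 0:
            return http_hdr, body
        body, stream = body + stream[:n], stream[n + 2:]

# Constructed sample: ZIP magic (.docx is a ZIP container) plus filler bytes.
SAMPLE = b"PK\x03\x04" + bytes(range(256)) * 40
REQUEST = build_reqmod("192.0.2.10", "reqmod", "upload.example", "/upload",
                       "report.docx", SAMPLE, "example-boundary-1")
```

The bytes returned by `build_reqmod` can be written unchanged to a TCP socket connected to the ICAP service; 1344 is the port shown in the `Via` header of the response above.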