The protocol specification is intellectual property and is not disclosed. Only licensees of the SDK (like Cisco) get the documentation of the protocol.
Connection.IP is the address of the IFP client (ASA) sending the request.
If ASA includes it in the request (which I think it does), Client.IP is the address of the user making the request.
The only thing I can find on IFP and ASA itself is in the installation guide.
Erik has answered the first two questions, as far as the integration question, we're just using the same integration as SmartFilter did so all the commands are the same as you used before.
Here is a dump of my commands for enabling and troubleshooting IFP on the Cisco device:
PIX/ASA commands to enable IFP:
1. Define the IFP Server using the command:
url-server vendor [n2h2 | smartfilter] (if_name) host local_ip [timeout seconds] [protocol TCP | UDP version [1|4] [connections num_conns] ] # example: url-server vendor smartfilter host 10.0.0.1 timeout 10
For vendor us the key below, the version is the version of the PIX/ASA:
With versions 6.3 through 7.1, type n2h2.
With version 7.2 or newer, type smartfilter.
If you are using Webwasher/Web Gateway, either will apply so type n2h2/smartfilter depending on your version.
2. Apply the filtering to the traffic using the command:
filter url [http | port[-port]] source_ip source_mask dest_ip dest_mask [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate] # example: filter url http 0 0 0 0 allow longurl-truncate
3. To apply filtering to HTTPS traffic* use the following command:
filter https source_ip source_mask dest_ip dest_mask [allow] # example filter https 443 0 0 0 0 allow
*This "https" command will only work on versions 7.2 or newer, older versions will not support filtering of https traffic.
4. (Optional) To exempt traffic from filtering, use the following command:
filter (https|url) except source_ip source_mask dest_ip dest_mask # example filter url except 10.10.0.0 255.255.0.0 0 0
5. (Optional) To enable buffering of HTTP replies for URLs that are pending a response from the IFP filter server, type the following command:
For block_buffer_limit, type the maximum number of blocks (1 to 128) for the URL buffer.
url-block block [block_buffer_limit] # example url-block block 128
6. (Informational) To remove any of the commands from the device just copy the exact command and place a 'no' in front of it.
# example no filter https 443 10.10.0.0 255.255.0.0 0 0 allow
To view information about the current URL filtering scheme, type the following commands:
show filter url show url-server
Use these commands to find out the address and port number for the SmartFilter IFP server, the timeout period, and whether the allow option is enabled or disabled.
To show the configuration related to url filtering, enter the following command:
show running-config url-server
To view statistics related to communication between the Cisco PIX/ASA Firewall and the SmartFilter IFP server, type the following commands:
show url-server stat show url-block block stat show perfmon
Use these commands to view the number of URL requests sent, responses received, pages blocked and allowed, and processing failures.
You can derive the protocol by looking at the source code for the openufp project on GitHub.