Prevent Data Loss Using an ICAP Server

When you have implemented data loss prevention with an ICAP server that handles the filtering process, you can configure settings and implement a rule set to ensure the smooth flow of data between the appliance and the ICAP server.

You can use a solution called nDLP for data loss prevention. Within this solution, data that users want to upload
from your network to the web is filtered to prevent data loss. The filtering is done on an ICAP server. The data
flow is as follows:

• Data sent from the client systems of your users is forwarded to the appliance.
• The appliance provides an ICAP client that sends REQMOD requests with the user data to the ICAP server.
• The requests are filtered on the server by modifying them according to the ICAP protocol and passed on to the web servers that are the destinations of the requests.

After importing the Data Loss Prevention with ICAP rule set from the library, rules that are implemented on the appliance control the sending of requests to the ICAP server. 

According to these rules, a request is not forwarded if:

• The body of the request contains no data and the request does not include URL parameters.
• The body of the request exceeds a given size (default: 50 MB).

Together with the rule set, settings are imported that you need to configure. These include a list of the ICAP servers that the appliance can forward requests to.

You can also configure the ICAP client on the appliance not to open more connections for sending requests than a particular ICAP server can handle at the same time.