Skip to main content
Skyhigh Security

ICAP Server Settings

Settings for running a server on an appliance that modifies requests and responses in communication with clients under ICAP.

Option Definition
Enable ICAP server

When selected, an ICAP server is run on an appliance.

ICAP Port Definition list

Provides a list for entering the ports on an appliance that listen to requests from ICAP clients.

When multiple ICAP servers are configured on different appliances within your network, requests coming in from ICAP clients are distributed among these servers in round-robin mode.

Select TLS version

Allows you to select a TLS or SSL protocol version for the ICAP traffic originating from requests and responses sent and received between an ICAP server and its clients.

If one of these protocols is in use, the ICAP traffic is going on as secured traffic, which is also referred to as secure ICAP or ICAPS traffic.

You can select one or more of the following protocol versions.

  • TLS 1.3
  • TLS 1.2
  • TLS 1.1
  • SSL 3.0 — Use this protocol version only if it is required to ensure compatibility with an existing configuration.

 

The following table describes an entry in the ICAP port definition list.

Option Definition
Listener address

Specifies the IP address and port number for a port on the ICAP server that listens for requests from ICAP clients.

Send early 204 responses

When selected, these responses are sent.

Include Realm into authentication attributes

When selected, the realm is included in the attributes that are evaluated during the authentication process that is performed in ICAP communication.

Wait for complete ICAP request

When selected, an ICAP request is only processed after it has been completely received on the ICAP server, depending, however, on what you select from the following.

  • Never — Processing never waits until a request has been completely received.
  • Only for REQMOD requests — Processing only waits if a request was sent in REQMOD mode.
  • Only for FTP requests — Processing only waits if an FTP request was sent.
  • Always — Processing always waits until a request has been completely received.

Maximum concurrent REQMOD connections

Limits the number of connections that can run in REQMOD mode at the same time.

The default maximum number is 100.

Maximum concurrent RESPMOD connections

Limits the number of connections that can run in RESPMOD mode at the same time.

The default maximum number is 400.

Preview size

Sets the preview size.

ICAPS

When selected, the connections used for the ICAP communication are SSL-secured.

When this option is selected, the options explained in the following are activated.

These options are related to the certificate that the ICAP server submits when connecting to ICAP clients over SSL-secured connections.

Subject, Issuer, Validity, Extensions, Fingerprint, Key

These fields display information about the server certificate that is currently in use.

Server certificate

Provides options for handling a server certificate.

  • Generate New — Opens a window for generating a new server certificate.
  • Import — Opens a window for importing a server certificate.
  • Export — Lets you browse to a location within your file system that a server certificate can be exported to.
  • Export key — Lets you browse to a location within your file system that the key file for a server certificate can be exported to.
Comment

Provides a plain-text comment on a port that listens to requests from ICAP clients.

 

  • Was this article helpful?