ICAP Servers

Integrate PrivX with ICAP servers, to provide virus and content scanning for users' connections.

ICAP Support

Servers

ClamAV
ClearSwift SIG
McAfee
WithSecure Atlant

Modes

REQMOD
RESPMOD

Connection Types

SSH via PrivX GUI
SCP via native clients
SFTP via native clients
RDP via PrivX GUI
HTTPS via PrivX GUI

Enabling ICAP for File Transfers

When ICAP is enabled, all users' file uploads and downloads are scanned. Uploaded files are scanned before they are sent to target hosts; downloads are scanned before they travel from the shared directory to the users' machines. Files that do not comply to corporate policy are blocked.

21922192

To enable ICAP for file transfers, first ensure that:

  • For best performance, we recommend placing the ICAP server close to your PrivX servers (with fast network connection) to speed up file scanning.
  • The ICAP-server hostname and port are accessible from all PrivX servers.

To set up ICAP:

  1. Access the PrivX GUI. On Administration→Settings→Global under ICAP, provide your ICAP settings:

    • Enable file-transfer scans for desired connection types.
      Note that the setting for web-based RDP also applies to HTTPS file transfers.
    • Provide the ICAP-server host name and port.
    • Provide either ICAP RESPMOD URL or ICAP REQMOD URL (depending on whether your ICAP server uses response modification or request modification). You should verify the correct URL from your ICAP-server configuration.
    • ICAP service name is an optional attribute, required by some servers (example value: squidclamav).

    📘

    Note

    For ClearSwift SIG, set the ICAP RESPMOD URL to clearswift. Do not enter an actual URL.

  2. Restart PrivX to apply your changes.

15001500

Example ICAP configuration

Enabling ICAP for HTTPS Traffic

To enable ICAP scanning for all HTTPS traffic (instead of just File transfers), repeat the following setup on all PrivX Web Proxies:

  1. To allow inspecting traffic for malicious files, add the following lines to squid.conf file on PrivX Web Proxy:

    icap_enable on
    icap_service service_resp respmod_precache bypass=0 icap://10.1.1.5:1344/respmod
    adaptation_access service_resp allow all
    

    Save your changes to the file.

  2. Restart the squid service to apply your changes:

    systemctl restart squid
    

Trying to access blocked content should show an error message on the container browser (example using McAfee):

20142014

For more information about ICAP setup with Squid, consult the Squid documentation at http://www.squid-cache.org.


Did this page help you?