Configuring traffic processing settings on the ICAP server.

Traffic processing settings on the ICAP server apply on all Worker servers.

To configure ICAP server traffic processing settings:

  1. In the application web interface window, select the Settings section, ICAP server subsection.
  2. In the Header with the client IP address box, enter the header that the proxy server uses for sending the IP address of the proxy server user.

    The default setting is X-Client-IP.

    If the header in this box differs from the header on the proxy server, the application cannot identify users correctly when checking traffic processing rules.

  3. In the Header containing user name box, enter the header that the proxy server uses to send the name of the proxy server user.

    The default setting is X-Client-Username.

    If the header in this box differs from the header on the proxy server, the application cannot identify users correctly when checking traffic processing rules.

  4. If the proxy server sends user names in Base64 encoding, select the User name in Base64 encoding check box.
  5. In the Path to request modification service box, specify the address of the Request Modification (REQMOD) service that processes outbound traffic.
  6. In the Path to response modification service box, specify the address of the Response Modification (RESPMOD) service that processes inbound traffic.
  7. If you want to prevent the user's browser breaking the connection with a time-out error when large objects are loaded, select the Start to transfer HTTP messages before their scanning is complete check box.

    If this parameter is enabled and it is taking a long time to scan an object, Kaspersky Web Traffic Security sends a part of the object to the browser without waiting for the scan to complete. In the meantime, Kaspersky Web Traffic Security continues scanning the object in accordance with traffic processing rules. If at the conclusion of the scan, access to the object is allowed, the object is sent to the browser in its entirety. If access to the object is denied, the browser session is terminated and the remaining part of the object is not delivered. In this case, the loading of the prohibited object is terminated without providing a reason. The user does not get a denial message and is not redirected to a different page.

  8. If you want to process HTTP messages with the CONNECT method, clear the Skip the HTTP CONNECT method check check box.

    Clearing this check box is recommended if you did not configure SSL Bumping on your proxy server.

  9. Click Save.

Traffic processing settings for the ICAP server are configured.

Page top