Previous Topic: Configure the ICAP AgentNext Topic: Sample ICAP Client Configuration File

Archive Integration GuideICAP AgentIntegration Procedure for ICAP ClientsConfigure the Proxy Server and ICAP Client

Configure the Proxy Server and ICAP Client

The proxy server must have an ICAP client installed. ICAP clients can process both requests and responses. See the documentation for your proxy server and ICAP client for full configuration details. For integration with CA Data Protection, you must:

  1. Verify that a supported authentication method is enabled on the proxy server.

    If authentication is enabled, the user identity is passed from the ICAP client to the ICAP agent. When an event is generated, the respective user name or email address is displayed in the iConsole depending on the user attribute.

    If authentication is not enabled, the user identity cannot be passed from the ICAP client to the ICAP agent.

    If you are using a Blue Coat ProxySG server, see your Blue Coat documentation for details about configuring the LDAP, IWA, Windows SSO or Policy Substitution authentication methods.

    Note: If you use a Blue Coat ProxySG server and single sign-on authentication, verify that the sso.ini file identifies the user account that the BlueCoat service runs as. The sso.ini file specifies this user account in the '[SSOServiceUsers]' section.

  2. Specify the port number assigned to the ICAP agent.

    This port must match the port specified by the AgentPort registry value. By default, this is 1344.

  3. Identify the ICAP agent host machine. This allows the ICAP client to route requests and responses to the ICAP agent.

    For example, for Squid Proxy servers you must provide a service URL using the following syntax:

    icap_service <s1> <reqmod>|<respmod>_precache <precache value> icap://<ipaddress>:<port>/<reqmod>|<respmod>

    where:

    <s1> is the service to be created for ICAP request or response. This must be a unique name.

    <reqmod>|<respmod>_precache indicates the presence or absence of cache data on ICAP client for a request or response modification. The precache value can be 0 (to indicate no data cache) or 1 (to indicate cache data).

    <ipaddress> is the IP address of the ICAP agent host machine.

    <port> specifies the port number used for communication between the ICAP client and ICAP agent. If you use the default port (1344), you can omit the port number from the URL.

    <reqmod>|<respmod> identifies the type of event, an HTTP request or HTTP response. The XML metadata in the downloaded file in iConsole contains the event mode as <reqmod>|<respmod>.

  4. Enable the ICAP v1 options Client Address and Authenticated User.
  5. Disable Preview Size for HTTP responses.

    This option is not supported by the CA Data Protection ICAP agent. If it is enabled, the ICAP agent may not work correctly.