Hi,
I am working on a product that requires integration with DLP to scan remote files for possible violations. Following suggestions of several tutorials, I manually build an HTTP response packet and send it to the detection server using ICAP. Everything works, but there are two features I don't know how to implement:
- Can I get the list of violations in the ICAP response? Other products return them in a special ICAP header. If not, is there an API that I can use to get them from the server?
- Can I send the file name in the packet so it will appear in the incident report? Currently they are always marked as coming from "http://unknownurl.com" and there is no clear distinction between incidents.
Here is a sample request ICAP packet:
RESPMOD icap://192.168.1.10:1344/RESPMOD ICAP/1.0
Host: 192.168.1.10
Allow: 204
Encapsulated: res-hdr=0, res-body=65
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 7046
------------------------------
test
------------------------------
0
And a sample ICAP response:
ICAP/1.0 200 OK
Cache-Control: no-cache
ISTag: "Vontu11.6"
Encapsulated: res-hdr=0, res-body=141
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Fri, 12 Sep 2014 10:33:56 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 3927
Content blocked due to policy violation
0
Thank you!
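
Added example, not part of the original post and not vendor code: a Python sketch that builds the RESPMOD message above with the Encapsulated offsets computed from the actual bytes, optionally carries the file name as an encapsulated HTTP request (RFC 3507 `req-hdr`), and parses the ICAP head of a reply so every returned header can be inspected. Assumptions: the function names and the `origin` host are hypothetical, and whether the detection server shows the `req-hdr` URL in its incident report has to be verified against the deployment.

```python
from urllib.parse import quote

def build_respmod(icap_host, body, file_name=None, service="RESPMOD",
                  port=1344, origin="files.example.invalid"):
    """Return raw RESPMOD bytes with Encapsulated offsets computed, not typed in.

    file_name, if given, travels as an encapsulated HTTP request (req-hdr).
    `origin` is a placeholder host; that the server reports this URL in
    incidents is an assumption to verify against your deployment.
    """
    sections = []  # (name, bytes), in the order RFC 3507 requires
    if file_name is not None:
        # quote() percent-encodes CR/LF, so a hostile name cannot add headers
        path = quote(file_name, safe="")
        req = f"GET /{path} HTTP/1.1\r\nHost: {origin}\r\n\r\n"
        sections.append(("req-hdr", req.encode("ascii")))
    res = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
           f"Content-Length: {len(body)}\r\n\r\n")
    sections.append(("res-hdr", res.encode("ascii")))
    offset, parts = 0, []
    for name, data in sections:
        parts.append(f"{name}={offset}")
        offset += len(data)
    parts.append(f"{'res-body' if body else 'null-body'}={offset}")
    head = (f"RESPMOD icap://{icap_host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {icap_host}\r\nAllow: 204\r\n"
            f"Encapsulated: {', '.join(parts)}\r\n\r\n").encode("ascii")
    msg = head + b"".join(data for _, data in sections)
    if body:  # single chunk plus terminating zero-length chunk
        msg += f"{len(body):x}\r\n".encode() + body + b"\r\n0\r\n\r\n"
    return msg

def parse_icap_head(raw):
    """Split an ICAP message into (start_line, headers, offsets, encapsulated)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    offsets = {}
    for item in headers.get("encapsulated", "").split(","):
        name, sep, off = item.partition("=")
        if sep:
            offsets[name.strip()] = int(off)
    return lines[0], headers, offsets, rest
```

Running `parse_icap_head` on a captured reply lists every ICAP header the server actually sent, which is the quickest way to see whether any of them carries violation details.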