Create a Custom exception page for ICAP errors.
search cancel

Create a Custom exception page for ICAP errors.

book

Article ID: 170540

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You wish to serve a custom exception page defined on ProxySG for any or a specific ICAP error.

Environment

ProxySG and AV/CA device are required. The AV/CA device returns the ICAP error page and the proxy SG can act upon receiving the ICAP error with an exception page.

Resolution

For the purpose of the demo we used the "MaxFIleSizeExceeded" ICAP error page returned:

===============================

Below output taken from the policy trace

================================

(Lines omitted for brevity)

MATCH:         icap_error_code=any exception(user_defined.user-defined.my_exception)

(Lines omitted for brevity)

ICAP RESPMOD Scan Summary:
    Error code: max_file_size_exceeded
    Details: Maximum file size exceeded; File: ubuntu-16.04.3-desktop-amd64.iso; Sub File: Unknown; Vendor: Pre AV call, no vendor data; Engine version: Unknown; Pattern version: Unknown; Pattern date: Unknown
    Summary: icap-error-code: max_file_size_exceeded, icap-error-details: Maximum file size exceeded; File: ubuntu-16.04.3-desktop-amd64.iso; Sub File: Unknown; Vendor: Pre AV call, no vendor data; Engine version: Unknown; Pattern version: Unknown; Pattern date: Unknown

(Lines omitted for brevity)

================================

You can see that the ICAP error page was returned and also that we MATCH-ed the rule to serve an exception page

 

The solution can be applied both in VPM and CPL.

CPL solution:

<Proxy>
 icap_error_code=({ICAP error}) exception(user-defined.{Exception page})

Where {ICAP error} is one of the below and {Exception page} is as defined under MC>Configuration>Policy>Exceptions

scan_timeout, decode_error, password_protected, insufficient_space, max_file_size_exceeded, max_total_size_exceeded, max_total_files_exceeded, file_extension_blocked, antivirus_load_failure, antivirus_license_expired, antivirus_engine_error, connection_failure, request_timeout, internal_error, server_error, server_unavailable.

 

VPM solution

  1. Launch the VPM editor - MC>Configuration>Policy>Visual Policy Manager>Launch
  2. Use an existing or new Web Access Layer - Policy>Web Access layer
  3. Add a rule with a "Service" set to "ICAP Error Code" object and choose the error from the list on the left by adding it to the list on the right.
  4. For action choose the custom exception page by using the "Return Exception" object.

ALT-VPM

ALT-ICAP

*NOTE - This solution assumes that ICAP service is configured and the traffic is send for scanning.

 

Powered by Wolken Software