Halo ICAP server FAQs
What is ICAP?
ICAP (Internet Content Adaptation Protocol) is a protocol used to offload tasks such as virus scanning and content filtering to dedicated servers.
What is an ICAP-based CDR solution?
A Content Disarm and Reconstruction (CDR) solution sanitizes files by removing potentially harmful elements and reconstructing them to ensure they are safe.
Glasswall Halo’s ICAP server integrates with your existing security infrastructure to give you control over the protection and availability of files and web-based content entering or leaving your organisation.
What are the key benefits of using an ICAP-based CDR solution?
- Real-time threat removal
- Seamless integration with existing security infrastructure
- Automated file sanitisation without user intervention
- Compliance with regulatory requirements
- Enhanced security and reduced risk of zero-day attacks
How does the ICAP integration work with existing security infrastructure?
The Halo ICAP server acts as an intermediary between ICAP clients (such as proxy servers, firewalls, or gateways) and the Glasswall Halo service.
When a file passes through the ICAP client, it is sent to Glasswall Halo via ICAP for sanitisation before being returned to the client. Detailed configuration guides for popular ICAP clients are available in the documentation.
Which security appliances are compatible with Glasswall Halo's ICAP solution?
The Halo ICAP server is compatible with any ICAP-enabled security appliance. Detailed configuration guides are available for the following platforms:
It is also compatible with Squid Proxy Server v5.x:
What type of content is supported by Glasswall Halo's ICAP solution?
Any content sent via ICAP includes a media type that can be passed to the Halo ICAP server for processing.
Content with a file type supported by Glasswall Halo can be sanitised. For a full list, see the supported file types documentation.
Media type to file type mappings are defined in ICAP profiles, which list all configurable media types.
Can I control what types of content are processed?
Customers have full control over how the Halo ICAP server handles each media type:
- Process — Sanitise supported file types using CDR and return them
- Block — Replace content with an error report explaining why it is blocked
- Bypass — Return content unmodified and unprotected
For each request, the ICAP client receives either the original content, sanitised content, or an error report.
How do I manage how my content is processed?
Content processing rules are defined in an ICAP profile.
Since the profile is sent with each request, customers can create multiple profiles to support different security use cases. ICAP profiles can be configured via the Profile Management API or through the Halo portal.
What happens to content processed by Glasswall Halo's ICAP server?
Processed files are returned to the ICAP client, which then forwards them to the intended recipient or destination.
The files are safe and free from potential threats.
What happens to content that gets blocked or cannot be processed?
If Halo is instructed to block content, or is unable to process a file, the content is replaced with an error report.
The report explains why the content is inaccessible and includes detailed request information that administrators can use for investigation.
Can I monitor requests going through the Halo ICAP server?
Halo provides comprehensive auditing and reporting capabilities for ICAP traffic.
You can access a full audit trail of ICAP requests, including attributes, content, and processing status. This data is also presented in visual reports that highlight trends and key metrics over time.
Is there a cost to enable the Halo ICAP server?
No. The Halo ICAP server is included with all Glasswall Halo licence options.
You only need to deploy the required infrastructure and enable ICAP.
How do I enable and configure the Halo ICAP server?
The ICAP server can be enabled by following the ICAP setup guide.
For appliance-specific configuration, refer to the detailed guides available for supported ICAP-enabled security platforms.