Key Capabilities
- Real-time content adaptation and security scanning
- Support for both request modification (REQMOD) and response modification (RESPMOD) modes
- TLS encryption support for secure communications
- Customizable HTTP encapsulation for legacy system compatibility
- Flexible authentication options including private certificate support
- Functions as a Transform step in the flow. Files that are flagged as needing attention yield errors, while other files proceed down the flow as usual.
Connector Configuration
This section contains all of the configurable connector properties.Settings Tab
Settings related to the core configuration of the connector.| Setting | Description |
|---|---|
| Connector Id | The static, unique identifier for the connector. |
| Connector Type | Displays the connector name and a description of what it does. |
| Connector Description | An optional field to provide a free-form description of the connector and its role in the flow. |
| ICAP URI | (Required) The ICAP Uniform Resource Identifier (URI) of the ICAP server to connect to. Must be in this format: icap://<hostname>:<port>/<service_name>. |
| ICAP Headers | Optional headers for specialized server requirements. Use this to add custom ICAP request headers that you want to include in the outgoing ICAP request. |
| TLS Configuration | Check this to enable TLS encryption for the ICAP connection. |
| TLS Server Certificate | The public key certificate used to verify the identity of an TLS/SSL server. This is only necessary if the ICAP server has enabled TLS. Set it to Any Certificate to unconditionally trust the ICAP server’s identity. Only relevant when TLS Configuration is enabled. |
| Local File Scheme | A scheme for assigning filenames to messages that are output by the connector. You can use macros in your filenames dynamically to include information such as identifiers and timestamps. For more information, see Macros. |
Advanced Tab
TLS Client Authentication
| Setting | Description |
|---|---|
| Private Certificate | Select, create, or upload the TLS certificate to use for authentication. |
| Certificate Password | The password required to access the Private Certificate. |
Other Settings
| Setting | Description |
|---|---|
| ICAP Mode | Specify the type of ICAP transaction: use REQMOD for request modification or RESPMOD for response modification. The default is REQMOD. |
| Script in Headers | Allows for the evaluation of Script expressions in the headers before the query is issued. For example, [_ | now('yyyy-MM-dd')] evaluates the current date, and [_message.header:headername] evaluates the headername header from the input message context. |
| Script in URL | Allows for the evaluation of Script expressions in the URL before the query is issued. For example, [_ | now('yyyy-MM-dd')] evaluates the current date, and [_message.header:headername] evaluates the headername header from the input message context. |
| Preview size | Controls the size of the message body preview sent to the ICAP server. Automatic makes your client query the server using an OPTIONS request to determine the optimal preview size. Alternatively, you can specify an exact number (in bytes) to use for the preview size. |
| Chunk size | The maximum size (in bytes) of each data chunk sent after the preview phase (or for requests without a preview). The default is 16KB. |
| Timeout (seconds) | The length of time in seconds that the connector waits for a connection response before throwing a timeout error. The default is 60 seconds. |
| Response Headers | A comma-separated list of ICAP response header names (such as X-Infection-Found,X-Scan-Result) to be extracted and added as metadata to the processed message. |
| TLS Enabled Protocols | The list of TLS/SSL protocols supported when establishing outgoing connections. Best practice is to only use TLS protocols. SSL v2 and SSL v3 are considered vulnerable and should only be used if your partner does not support higher versions. Keep in mind that TLS v1.3 is not universally adopted, and might be refused if the destination server does not support it. |
Proxy Settings
Logging
Miscellaneous
Automation Tab
Automation Settings
Settings related to the automatic processing of files by the connector.| Setting | Description |
|---|---|
| Send | Whether files arriving at the connector are automatically sent as ICAP transactions. |
Performance
Alerts Tab
SLAs Tab
Transactions Tab
This tab lists all messages associated with the connector. Use the search bar to find specific messages, or click the funnel icon to apply a filter. You can filter by time, message direction, and/or status. Incoming responses appear on this tab.Events Tab
| Event | Description |
|---|---|
| Response | This event lets you extend the way the connector interprets replies from the ICAP server. By default, the connector finalizes messages based on the ICAP server’s status code. However, since ICAP servers can also include scan details in response headers, the Response event lets you apply custom logic to those headers for more granular control. No output is created from this event; instead, you can use the arc:throw keyword to block the file (for example, if a particular header value indicates a failed scan). |
| Before Send | This event fires after the connector has fully prepared a file to send/process a file, but before the sending/processing actually occurs. |
| After Receive | This event fires after the connector has received a file. |
- StatusCode: The ICAP response status code (such as 200, 204, or 4xx)
- _response: The ICAP response. You can use
[_response.header:xxx]to get a specific header. - _message: To refer to the input message (headers and body), and adding headers to the output.