Fortinet black logo

CLI Reference

icap profile

icap profile

Use this command to configure an ICAP profile in order to determine how the ICAP server will process request and response messages.

config icap profile
    edit {name}
    # Configure ICAP profiles.
        set replacemsg-group {string}   Replacement message group. size[35] - datasource(s): system.replacemsg-group.name
        set name {string}   ICAP profile name. size[35]
        set request {disable | enable}   Enable/disable whether an HTTP request is passed to an ICAP server.
        set response {disable | enable}   Enable/disable whether an HTTP response is passed to an ICAP server.
        set streaming-content-bypass {disable | enable}   Enable/disable bypassing of ICAP server for streaming content.
        set request-server {string}   ICAP server to use for an HTTP request. size[35] - datasource(s): icap.server.name
        set response-server {string}   ICAP server to use for an HTTP response. size[35] - datasource(s): icap.server.name
        set request-failure {error | bypass}   Action to take if the ICAP server cannot be contacted when processing an HTTP request.
                error   Error.
                bypass  Bypass.
        set response-failure {error | bypass}   Action to take if the ICAP server cannot be contacted when processing an HTTP response.
                error   Error.
                bypass  Bypass.
        set request-path {string}   Path component of the ICAP URI that identifies the HTTP request processing service. size[127]
        set response-path {string}   Path component of the ICAP URI that identifies the HTTP response processing service. size[127]
        set methods {option}   The allowed HTTP methods that will be sent to ICAP server for further processing.
                delete   Forward HTTP request or response with DELETE method to ICAP server for further processing.
                get      Forward HTTP request or response with GET method to ICAP server for further processing.
                head     Forward HTTP request or response with HEAD method to ICAP server for further processing.
                options  Forward HTTP request or response with OPTIONS method to ICAP server for further processing.
                post     Forward HTTP request or response with POST method to ICAP server for further processing.
                put      Forward HTTP request or response with PUT method to ICAP server for further processing.
                trace    Forward HTTP request or response with TRACE method to ICAP server for further processing.
                other    Forward HTTP request or response with All other methods to ICAP server for further processing.
    next
end

Additional information

The following section is for those options that require additional explanation.

methods {delete | get | head | options | post | put | trace | other}

Allowed HTTP methods that will be sent to an ICAP server for further processing; this is only configurable in the CLI. All methods are enabled by default.

replacemsg-group <name>

Replacement message group to assign to the profile, as configured under config system replacemsg-group.

request {enable | disable}

Enable or disable (by default) whether an HTTP request is passed to an ICAP server.

request-failure {error | bypass}

Note: This entry is only available when request is set to enable.

Action to take if the ICAP server cannot be contacted when processing an HTTP request. The default is set to error.

request-path <path>

Note: This entry is only available when request is set to enable.

Path component of the ICAP URI that identifies the HTTP request processing service. For instance, if the Windows share name was “Processes”, and the directory within the share was “Content-Filter”, the path would be “/Processes/Content-Filter/".

request-server <ip>

Note: This entry is only available when request is set to enable.

ICAP server to use for HTTP requests, as configured under config icap server.

response {enable | disable}

Enable or disable (by default) whether an HTTP request is passed to an ICAP server.

response-failure {error | bypass}

Note: This entry is only available when response is set to enable.

Action to take if the ICAP server cannot be contacted when processing an HTTP response. The default is set to error.

response-path <path>

Note: This entry is only available when response is set to enable.

Path component of the ICAP URI that identifies the HTTP response processing service. For instance, if the Windows share name was “Processes”, and the directory within the share was “Content-Filter”, the path would be “/Processes/Content-Filter/".

response-server <ip>

Note: This entry is only available when response is set to enable.

ICAP server to use for HTTP responses, as configured under config icap server.

streaming-content-bypass {enable | disable}

Enable or disable (by default) streaming media to ignore offloading to an ICAP server.

icap profile

Use this command to configure an ICAP profile in order to determine how the ICAP server will process request and response messages.

config icap profile
    edit {name}
    # Configure ICAP profiles.
        set replacemsg-group {string}   Replacement message group. size[35] - datasource(s): system.replacemsg-group.name
        set name {string}   ICAP profile name. size[35]
        set request {disable | enable}   Enable/disable whether an HTTP request is passed to an ICAP server.
        set response {disable | enable}   Enable/disable whether an HTTP response is passed to an ICAP server.
        set streaming-content-bypass {disable | enable}   Enable/disable bypassing of ICAP server for streaming content.
        set request-server {string}   ICAP server to use for an HTTP request. size[35] - datasource(s): icap.server.name
        set response-server {string}   ICAP server to use for an HTTP response. size[35] - datasource(s): icap.server.name
        set request-failure {error | bypass}   Action to take if the ICAP server cannot be contacted when processing an HTTP request.
                error   Error.
                bypass  Bypass.
        set response-failure {error | bypass}   Action to take if the ICAP server cannot be contacted when processing an HTTP response.
                error   Error.
                bypass  Bypass.
        set request-path {string}   Path component of the ICAP URI that identifies the HTTP request processing service. size[127]
        set response-path {string}   Path component of the ICAP URI that identifies the HTTP response processing service. size[127]
        set methods {option}   The allowed HTTP methods that will be sent to ICAP server for further processing.
                delete   Forward HTTP request or response with DELETE method to ICAP server for further processing.
                get      Forward HTTP request or response with GET method to ICAP server for further processing.
                head     Forward HTTP request or response with HEAD method to ICAP server for further processing.
                options  Forward HTTP request or response with OPTIONS method to ICAP server for further processing.
                post     Forward HTTP request or response with POST method to ICAP server for further processing.
                put      Forward HTTP request or response with PUT method to ICAP server for further processing.
                trace    Forward HTTP request or response with TRACE method to ICAP server for further processing.
                other    Forward HTTP request or response with All other methods to ICAP server for further processing.
    next
end

Additional information

The following section is for those options that require additional explanation.

methods {delete | get | head | options | post | put | trace | other}

Allowed HTTP methods that will be sent to an ICAP server for further processing; this is only configurable in the CLI. All methods are enabled by default.

replacemsg-group <name>

Replacement message group to assign to the profile, as configured under config system replacemsg-group.

request {enable | disable}

Enable or disable (by default) whether an HTTP request is passed to an ICAP server.

request-failure {error | bypass}

Note: This entry is only available when request is set to enable.

Action to take if the ICAP server cannot be contacted when processing an HTTP request. The default is set to error.

request-path <path>

Note: This entry is only available when request is set to enable.

Path component of the ICAP URI that identifies the HTTP request processing service. For instance, if the Windows share name was “Processes”, and the directory within the share was “Content-Filter”, the path would be “/Processes/Content-Filter/".

request-server <ip>

Note: This entry is only available when request is set to enable.

ICAP server to use for HTTP requests, as configured under config icap server.

response {enable | disable}

Enable or disable (by default) whether an HTTP request is passed to an ICAP server.

response-failure {error | bypass}

Note: This entry is only available when response is set to enable.

Action to take if the ICAP server cannot be contacted when processing an HTTP response. The default is set to error.

response-path <path>

Note: This entry is only available when response is set to enable.

Path component of the ICAP URI that identifies the HTTP response processing service. For instance, if the Windows share name was “Processes”, and the directory within the share was “Content-Filter”, the path would be “/Processes/Content-Filter/".

response-server <ip>

Note: This entry is only available when response is set to enable.

ICAP server to use for HTTP responses, as configured under config icap server.

streaming-content-bypass {enable | disable}

Enable or disable (by default) streaming media to ignore offloading to an ICAP server.