Fortinet white logo
Fortinet white logo

CLI Reference

config icap profile

config icap profile

Configure ICAP profiles.

config icap profile
    Description: Configure ICAP profiles.
    edit <name>
        set chunk-encap [disable|enable]
        set extension-feature {option1}, {option2}, ...
        set icap-block-log [disable|enable]
        config icap-headers
            Description: Configure ICAP forwarded request headers.
            edit <id>
                set id {integer}
                set name {string}
                set content {string}
                set base64-encoding [disable|enable]
            next
        end
        set methods {option1}, {option2}, ...
        set name {string}
        set preview [disable|enable]
        set preview-data-length {integer}
        set replacemsg-group {string}
        set request [disable|enable]
        set request-failure [error|bypass]
        set request-path {string}
        set request-server {string}
        set respmod-default-action [forward|bypass]
        config respmod-forward-rules
            Description: ICAP response mode forward rules.
            edit <name>
                set name {string}
                set host {string}
                config header-group
                    Description: HTTP header group.
                    edit <id>
                        set id {integer}
                        set header-name {string}
                        set header {string}
                        set case-sensitivity [disable|enable]
                    next
                end
                set action [forward|bypass]
                set http-resp-status-code <code1>, <code2>, ...
            next
        end
        set response [disable|enable]
        set response-failure [error|bypass]
        set response-path {string}
        set response-req-hdr [disable|enable]
        set response-server {string}
        set scan-progress-interval {integer}
        set streaming-content-bypass [disable|enable]
    next
end

config icap profile

Parameter

Description

Type

Size

Default

chunk-encap

Enable/disable chunked encapsulation.

option

-

disable

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

icap-block-log

Enable/disable UTM log when infection found.

option

-

disable

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace other

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

name

ICAP profile name.

string

Not Specified

preview

Enable/disable preview of data to ICAP server.

option

-

disable

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

replacemsg-group

Replacement message group.

string

Not Specified

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Not Specified

request-server

ICAP server to use for an HTTP request.

string

Not Specified

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

Option

Description

forward

Forward response to icap server unless a rule specifies not to.

bypass

Don't forward request to icap server unless a rule specifies to forward the request.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Not Specified

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

enable

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

response-server

ICAP server to use for an HTTP response.

string

Not Specified

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

config icap-headers

Parameter

Description

Type

Size

Default

id

HTTP forwarded header ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

HTTP forwarded header name.

string

Not Specified

content

HTTP header content.

string

Not Specified

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

name

Address name.

string

Not Specified

host

Address object for the host.

string

Not Specified

action

Action to be taken for ICAP server.

option

-

forward

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

440275604 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

header-name

HTTP header.

string

Not Specified

header

HTTP header regular expression.

string

Not Specified

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.

config icap profile

config icap profile

Configure ICAP profiles.

config icap profile
    Description: Configure ICAP profiles.
    edit <name>
        set chunk-encap [disable|enable]
        set extension-feature {option1}, {option2}, ...
        set icap-block-log [disable|enable]
        config icap-headers
            Description: Configure ICAP forwarded request headers.
            edit <id>
                set id {integer}
                set name {string}
                set content {string}
                set base64-encoding [disable|enable]
            next
        end
        set methods {option1}, {option2}, ...
        set name {string}
        set preview [disable|enable]
        set preview-data-length {integer}
        set replacemsg-group {string}
        set request [disable|enable]
        set request-failure [error|bypass]
        set request-path {string}
        set request-server {string}
        set respmod-default-action [forward|bypass]
        config respmod-forward-rules
            Description: ICAP response mode forward rules.
            edit <name>
                set name {string}
                set host {string}
                config header-group
                    Description: HTTP header group.
                    edit <id>
                        set id {integer}
                        set header-name {string}
                        set header {string}
                        set case-sensitivity [disable|enable]
                    next
                end
                set action [forward|bypass]
                set http-resp-status-code <code1>, <code2>, ...
            next
        end
        set response [disable|enable]
        set response-failure [error|bypass]
        set response-path {string}
        set response-req-hdr [disable|enable]
        set response-server {string}
        set scan-progress-interval {integer}
        set streaming-content-bypass [disable|enable]
    next
end

config icap profile

Parameter

Description

Type

Size

Default

chunk-encap

Enable/disable chunked encapsulation.

option

-

disable

Option

Description

disable

Do not encapsulate chunked data.

enable

Encapsulate chunked data into a new chunk.

extension-feature

Enable/disable ICAP extension features.

option

-

Option

Description

scan-progress

Support X-Scan-Progress-Interval ICAP header.

icap-block-log

Enable/disable UTM log when infection found.

option

-

disable

Option

Description

disable

Disable UTM log when infection found.

enable

Enable UTM log when infection found.

methods

The allowed HTTP methods that will be sent to ICAP server for further processing.

option

-

delete get head options post put trace other

Option

Description

delete

Forward HTTP request or response with DELETE method to ICAP server for further processing.

get

Forward HTTP request or response with GET method to ICAP server for further processing.

head

Forward HTTP request or response with HEAD method to ICAP server for further processing.

options

Forward HTTP request or response with OPTIONS method to ICAP server for further processing.

post

Forward HTTP request or response with POST method to ICAP server for further processing.

put

Forward HTTP request or response with PUT method to ICAP server for further processing.

trace

Forward HTTP request or response with TRACE method to ICAP server for further processing.

other

Forward HTTP request or response with All other methods to ICAP server for further processing.

name

ICAP profile name.

string

Not Specified

preview

Enable/disable preview of data to ICAP server.

option

-

disable

Option

Description

disable

Disable preview of data to ICAP server.

enable

Enable preview of data to ICAP server.

preview-data-length

Preview data length to be sent to ICAP server.

integer

Minimum value: 0 Maximum value: 4096

0

replacemsg-group

Replacement message group.

string

Not Specified

request

Enable/disable whether an HTTP request is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP request passing to ICAP server.

enable

Enable HTTP request passing to ICAP server.

request-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP request.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

request-path

Path component of the ICAP URI that identifies the HTTP request processing service.

string

Not Specified

request-server

ICAP server to use for an HTTP request.

string

Not Specified

respmod-default-action

Default action to ICAP response modification (respmod) processing.

option

-

forward

Option

Description

forward

Forward response to icap server unless a rule specifies not to.

bypass

Don't forward request to icap server unless a rule specifies to forward the request.

response

Enable/disable whether an HTTP response is passed to an ICAP server.

option

-

disable

Option

Description

disable

Disable HTTP response passing to ICAP server.

enable

Enable HTTP response passing to ICAP server.

response-failure

Action to take if the ICAP server cannot be contacted when processing an HTTP response.

option

-

error

Option

Description

error

Error.

bypass

Bypass.

response-path

Path component of the ICAP URI that identifies the HTTP response processing service.

string

Not Specified

response-req-hdr

Enable/disable addition of req-hdr for ICAP response modification (respmod) processing.

option

-

enable

Option

Description

disable

Do not add req-hdr for response modification (respmod) processing.

enable

Add req-hdr for response modification (respmod) processing.

response-server

ICAP server to use for an HTTP response.

string

Not Specified

scan-progress-interval

Scan progress interval value.

integer

Minimum value: 5 Maximum value: 30

10

streaming-content-bypass

Enable/disable bypassing of ICAP server for streaming content.

option

-

disable

Option

Description

disable

Disable bypassing of ICAP server for streaming content.

enable

Enable bypassing of ICAP server for streaming content.

config icap-headers

Parameter

Description

Type

Size

Default

id

HTTP forwarded header ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

name

HTTP forwarded header name.

string

Not Specified

content

HTTP header content.

string

Not Specified

base64-encoding

Enable/disable use of base64 encoding of HTTP content.

option

-

disable

Option

Description

disable

Disable use of base64 encoding of HTTP content.

enable

Enable use of base64 encoding of HTTP content.

config respmod-forward-rules

Parameter

Description

Type

Size

Default

name

Address name.

string

Not Specified

host

Address object for the host.

string

Not Specified

action

Action to be taken for ICAP server.

option

-

forward

Option

Description

forward

Forward request to ICAP server when this rule is matched.

bypass

Don't forward request to ICAP server when this rule is matched.

http-resp-status-code <code>

HTTP response status code.

HTTP response status code.

integer

Minimum value: 100 Maximum value: 599

440275604 **

** Values may differ between models.

config header-group

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

header-name

HTTP header.

string

Not Specified

header

HTTP header regular expression.

string

Not Specified

case-sensitivity

Enable/disable case sensitivity when matching header.

option

-

disable

Option

Description

disable

Ignore case when matching header.

enable

Do not ignore case when matching header.