
Wasfi_Bounni
Jun 19, 2023
Solved

What is the flow of https virtual server with ASM security policy and ICAP request Adapt profile?

Hi; Let's say there is a https virtual server used for allowing users to upload files and let's say that this server has an ASM/AWAF advanced policy attached to it. My intention is to use ICAP over...
  • Hi Wasfi_Bounni,

    BIG-IP AWAF first checks whether the request is valid or not, then takes the decision to forward it or not.

    For example:

    If your BIG-IP received a request, and you have an AWAF policy in blocking mode:
    if this request violates any of the AWAF policy settings, BIG-IP will not proceed to send the request to the ICAP server, whereas if this request is valid, BIG-IP will move forward to the ICAP server.

    The Flow from my perspective: 


    For more details:
    If a request triggered (illegal URL), BIG-IP will not proceed to send this request to the ICAP server, and will block it from the first time and give you an event log that says "Illegal URL". But if this request is valid, it will be sent to ICAP, and after the ICAP checking responses for the uploaded file, BIG-IP will send this request (which may be modified due to ICAP) to the selected pool member.

    Make sure to follow this article to implement the AWAF - ICAP integration:
    https://my.f5.com/manage/s/article/K70941653

    Also have a look at this video; it shows it practically:
    https://www.youtube.com/watch?v=4jX4e-oPHm4

    You can test this flow in your lab or test environment.
    1) Define the URI that is used for file upload as a disallowed URI in the ASM policy (blocking mode).
    2) Try to upload the file.
    3) Take a pcap between BIG-IP and ICAP.
    4) The expected behavior: no ICAP requests to the ICAP server from BIG-IP, because the ASM policy blocked your request because it matches illegal URI (the disallowed URI entity you have defined).
    5) Remove the disallowed entity to make the URI valid, and test with another pcap between BIG-IP and the ICAP server; then you should see the ICAP request going to the ICAP servers for further inspection.

    I hope I gave you some insights 🙂
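
An added example, not part of the reply above: a small Python check for the pcap comparison in steps 3 to 5, which parses reassembled BIG-IP to ICAP payloads (RFC 3507 format) and lists the REQMOD requests that carry a given upload URI. The host names, the `avscan` service name, the `/upload` URI and the sample payloads are constructed assumptions.

```python
"""Added example: find REQMOD requests for one URI in reassembled ICAP payloads."""

def parse_icap_request(payload: bytes):
    """Return (icap_method, http_method, http_uri), or None if not an ICAP request."""
    head, sep, encapsulated = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    start_line = lines[0].split()
    if not sep or len(start_line) != 3 or not start_line[2].startswith(b"ICAP/"):
        return None
    icap_method = start_line[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    # RFC 3507 "Encapsulated: req-hdr=0, req-body=N": offsets into the encapsulated part.
    offsets = {}
    for item in headers.get(b"encapsulated", b"").split(b","):
        key, _, off = item.strip().partition(b"=")
        if off.isdigit():
            offsets[key.decode("ascii", "replace")] = int(off)
    if icap_method != "REQMOD" or "req-hdr" not in offsets:
        return (icap_method, None, None)
    start = offsets["req-hdr"]
    end = min([o for o in offsets.values() if o > start] or [len(encapsulated)])
    request_line = encapsulated[start:end].split(b"\r\n", 1)[0].split()
    if len(request_line) < 2:
        return (icap_method, None, None)
    return (icap_method, request_line[0].decode("ascii", "replace"),
            request_line[1].decode("ascii", "replace"))

def reqmods_for_uri(payloads, uri):
    """List the REQMOD requests whose encapsulated HTTP path equals uri."""
    parsed = [parse_icap_request(p) for p in payloads]
    return [r for r in parsed
            if r and r[0] == "REQMOD" and r[2] and r[2].split("?", 1)[0] == uri]

# Constructed sample payloads (hypothetical hosts, service name and upload URI).
HTTP_HEAD = (b"POST /upload HTTP/1.1\r\nHost: app.example.test\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n")
SAMPLE_REQMOD = (b"REQMOD icap://icap.example.test/avscan ICAP/1.0\r\n"
                 b"Host: icap.example.test\r\n"
                 b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HEAD)
                 ) + HTTP_HEAD + b"4\r\ntest\r\n0\r\n\r\n"
SAMPLE_OPTIONS = (b"OPTIONS icap://icap.example.test/avscan ICAP/1.0\r\n"
                  b"Host: icap.example.test\r\n\r\n")

if __name__ == "__main__":
    print("blocked run :", reqmods_for_uri([SAMPLE_OPTIONS], "/upload"))
    print("allowed run :", reqmods_for_uri([SAMPLE_OPTIONS, SAMPLE_REQMOD], "/upload"))
```

An empty result for the capture taken while the URI is disallowed, and a non-empty result after the entity is removed, matches the expected behavior in steps 4 and 5.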