Content Adaptation for HTTP Requests with Symantec
Hi Team,
I need your help to configure content adaption request on f5 LTM. F5 is integrated with Symantec using ICAP protocol. When any infected malicious request comes; Symantec send 201 response which is not processed further and response halt on F5 before reaching back to user. Symantec can only send 201 and 403 request for infected request. 201 response states new response created against actual request. As per F5 all infected request ICAP response should be either go to 200 or 204 to forward response back to users.
Action points: 1.We have to send infected file scanning response back to users. As per current scenario which is possible only if ICAP response will be 200 and 204 on F5. 2.To implement this we have to perform traffic modification on F5 so that if any infected request will be forwarded to Symantec it’s return response should be 200 or 204. Or in other way we have to do some modification on Symantec ICAP 201 response to get it change to 204 on F5.
Recommendation: