Installation guide
Trend Micro™ InterScan™ Web Security Virtual Appliance 6.5 Installation Guide
Although IWSVA performs the same filtering of URLs and scanning of data for
unwanted content, the ICAP flow is so different from the other flows that it requires a
completely different communications protocol. Administrators indicate which protocol
(ICAP or non-ICAP) to use during post-installation configuration.
The figures that follow show the HTTP flow with single and multiple IWSVA servers.
(Both images assume the requested data is not in the ICAP device's cache.) The ICAP
service determines which IWSVA server receives the request in a multi-server
environment.
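The ICAP-mode sequence listed in this section, modeled as an added example (not Trend Micro code and not from the original guide). The class names, host names, block list and the "UNWANTED" marker are constructed, and serving a cache hit without a new scan is an assumption of this model.

```python
from itertools import cycle

class Iwsva:
    """Stand-in for one IWSVA server; the policy values are constructed."""
    def __init__(self, name, blocked_hosts, marker=b"UNWANTED"):
        self.name, self.blocked, self.marker = name, blocked_hosts, marker
        self.handled = []                        # (mode, url) audit trail

    def check_request(self, url):                # step 3: validate the URL
        self.handled.append(("request", url))
        return url.split("/")[2] not in self.blocked

    def scan_response(self, url, body):          # step 7: scan returned data
        self.handled.append(("response", url))
        return self.marker not in body

class IcapDevice:
    """Caching proxy that hands each check to the next server in turn."""
    def __init__(self, servers, origin):
        self.pool = cycle(servers)               # steps 2 and 6: round-robin
        self.origin, self.cache, self.origin_hits = origin, {}, 0

    def get(self, url):
        if url in self.cache:                    # assumed: hit skips IWSVA
            return 200, self.cache[url]
        if not next(self.pool).check_request(url):
            return 403, b"blocked by URL policy" # origin is never contacted
        self.origin_hits += 1                    # steps 4 and 5: fetch page
        body = self.origin[url]
        if not next(self.pool).scan_response(url, body):
            return 403, b"unwanted content"      # flagged data is not cached
        self.cache[url] = body                   # step 8: keep the clean copy
        return 200, body

ORIGIN = {  # constructed sample sites
    "http://ok.example/index": b"<html>hello</html>",
    "http://bad.example/x": b"never fetched",
    "http://ok.example/file": b"xxUNWANTEDxx",
}

def demo():
    a = Iwsva("iwsva-1", {"bad.example"})
    b = Iwsva("iwsva-2", {"bad.example"})
    dev = IcapDevice([a, b], ORIGIN)
    urls = ["http://ok.example/index", "http://bad.example/x",
            "http://ok.example/file", "http://ok.example/index"]
    return dev, a, b, [dev.get(u) for u in urls]
```

Because every check goes to the next server in the pool, the request check and the response scan for one page can land on different IWSVA servers, so both servers need the same policy and pattern set.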
IWSVA configured in ICAP Mode processes Web page requests in the following
sequence:
1. An HTTP client makes a request for a URL, sending the request to the ICAP
caching proxy device.
2. The ICAP device, based on its configuration, determines that the request must be
forwarded to an IWSVA server. If multiple servers are available, it alternates in
round-robin fashion for load balancing.
3. The IWSVA server validates the URL.
• If the URL is not blocked, IWSVA sends the response to the ICAP device.
• If the URL is invalid (blocked), IWSVA directs the ICAP device to send an
appropriate response to the HTTP client and the transaction is complete.
4. If the URL is valid, the ICAP server requests the page from the Web site on the
Internet.
5. The Web site on the Internet returns the requested page (or some other appropriate
response).
6. If the page is returned, the ICAP device, based on its configuration, determines that
an IWSVA server must scan the data. Again, if multiple servers are available, it
alternates in round-robin fashion for load balancing.
7. The IWSVA server scans the results and returns an appropriate response to the
ICAP device, based on whether the data is clean or contains unwanted content.
8. If the data is clean, the ICAP device returns said data to the HTTP client, and the
ICAP device retains a copy of the data to satisfy future requests. If the data contains
unwanted content, the ICAP device returns an appropriate error message (dictated