Product guide

REQMOD and RESPMOD
ICAP has two modes: REQMOD (request mode) and RESPMOD (response mode). Each mode scans
web traffic traveling in one direction between the user and the web.
About REQMOD
REQMOD scans the user's web request (outbound traffic) as it travels out to the web.
When using ICAP, the outbound web traffic request arrives at the Microsoft ISA Server, where the ICAP
plugin redirects it to the McAfee Web Gateway or McAfee DLP appliance. The McAfee Web Gateway or
McAfee DLP appliance then filters the request, determines whether it is allowed or blocked, and sends
the resulting allow or block response back to the Microsoft ISA Server.
If the request is blocked, the ICAP server on the McAfee Web Gateway or McAfee DLP appliance
modifies the request and sends it back to the Microsoft ISA Server. The request is modified with a
valid HTTP response, such as a message that the request to a particular URL is not allowed. The
Microsoft ISA Server then sends the block response to the user. The actual block response is based on
policies and rules set up in the McAfee Web Gateway or McAfee DLP appliance.
If the request is allowed, the Microsoft ISA Server sends the request out to the web to get the
content. At this point, RESPMOD starts.
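The REQMOD exchange described above, as an added example that is not part of the product guide or the plugin's own code: it builds the ICAP message a proxy sends for an outbound request and classifies the ICAP server's reply as allowed or blocked. The message layout follows RFC 3507; the host names, service name, ISTag and both sample replies are constructed, and the appliance is assumed to reply as the RFC describes.

```python
# Added example (not vendor code). Message layout follows RFC 3507;
# host names, service name, ISTag and sample replies are constructed.

def build_reqmod(icap_host, service, http_headers):
    """Wrap an HTTP request (headers only, no body) in an ICAP REQMOD message."""
    hdr = http_headers.encode("ascii")
    icap = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
            f"Host: {icap_host}\r\n"
            "Allow: 204\r\n"
            f"Encapsulated: req-hdr=0, null-body={len(hdr)}\r\n\r\n")
    return icap.encode("ascii") + hdr

def parse_encapsulated(value):
    """'res-hdr=0, res-body=72' -> [('res-hdr', 0), ('res-body', 72)]"""
    pairs = (item.strip().partition("=") for item in value.split(","))
    return [(name, int(offset)) for name, _, offset in pairs]

def classify_reqmod_reply(raw):
    """Return (verdict, detail); verdict is 'allowed', 'blocked' or 'error'."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    if status == 204:       # no modification: proxy forwards the original request
        return "allowed", "unmodified"
    if status != 200:
        return "error", f"ICAP status {status}"
    if "encapsulated" not in headers:
        return "error", "missing Encapsulated header"
    sections = parse_encapsulated(headers["encapsulated"])
    first, start = sections[0]
    if first == "req-hdr":  # request handed back, possibly rewritten
        return "allowed", "request returned"
    if first == "res-hdr":  # an HTTP response replaces the request: a block
        end = sections[1][1] if len(sections) > 1 else len(payload)
        return "blocked", payload[start:end].split(b"\r\n", 1)[0].decode("ascii")
    return "error", f"unexpected section {first}"

# Constructed sample replies: a block page and an unmodified pass-through.
BLOCK_HTTP = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
              b"Content-Length: 19\r\n\r\n")
BLOCK_REPLY = (b'ICAP/1.0 200 OK\r\nISTag: "constructed-1"\r\n'
               + f"Encapsulated: res-hdr=0, res-body={len(BLOCK_HTTP)}\r\n\r\n".encode()
               + BLOCK_HTTP + b"13\r\nURL is not allowed.\r\n0\r\n\r\n")
ALLOW_REPLY = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-1"\r\n\r\n'

if __name__ == "__main__":
    for reply in (BLOCK_REPLY, ALLOW_REPLY):
        print(classify_reqmod_reply(reply))
```

When reviewing proxy or appliance logs, the same distinction applies: a REQMOD reply that encapsulates res-hdr is a block decision, while 204 or a returned req-hdr means the request went on to the web.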
About RESPMOD
RESPMOD scans the response to the user (inbound traffic) from the web.
After REQMOD is done and the request is allowed, the web sends back the content. The response
arrives at the Microsoft ISA Server, where the ICAP plugin redirects it to the McAfee Web Gateway
appliance. The McAfee Web Gateway appliance filters the content and takes action based on policies
and rules you have set up.
If the response is allowed, it is sent back to the Microsoft ISA Server, which then delivers the web
content to the user.
If the response is blocked, the ICAP server on the McAfee Web Gateway appliance modifies the
request and sends it back to the Microsoft ISA Server. The request is modified with a valid HTTP
response, such as a message that the request to a particular URL is not allowed. The Microsoft ISA
Server then sends the block response to the user. The actual block response is based on policies and
rules set up in the McAfee Web Gateway appliance.
Depending on your McAfee Web Gateway policies, you might scan both incoming and outgoing
requests, or only one of them.
See also
About the ICAP plugin on page 11
Configure the ICAP plugin for McAfee Web Gateway 6.x appliance
Configure the ICAP plugin for use with a McAfee Web Gateway 6.x appliance.
Configure the following for the ICAP plugin with a McAfee Web Gateway 6.x appliance.
The ICAP plugin is enabled by default.
1. Enable and configure the REQMOD and RESPMOD server settings on the plugin.
2. (Optional) Configure REQMOD and RESPMOD logging on the McAfee Web Gateway 6.x appliance.
McAfee® Plugins for Microsoft ISA Server 1.4.0 Software Product Guide