1. ICAP server Configuration
Configuration via Metadefender Core Management Console
To start the ICAP server from the Metadefender Core Management Console, follow the steps below and see the screenshot:
-
In your browser, go to http://localhost:8008/management
-
Click on the 'Sources' tab.
-
Click on 'Metadefender Proxy' on the left side.
-
Select 'Apply'.
Configuration via INI
Metadefender Core ICAP server can be configured using an ini configuration file which is installed under Metadefender Core install directory.
The ICAP server configuration is done in omsConfig.ini. Applying configuration changes requires to restart the ICAP server.
Key |
Description |
maxnum_sockets |
Range: 1~1000 Number of worker threads to handle ICAP requests. Configures the number of threads that will be used by the Metadefender Core ICAP server for handling requests. For optimal performance, this should be set to a value higher than the number of processor cores available to the Metadefender Core system |
maxnum_connections |
Default: 355 The maximum number of simultaneous connections that the ICAP server is able to support. Certain proxy servers will use this value to restrict the requests that are made of the Metadefender Core ICAP server and will not send more than this number of simultaneous requests to the Metadefender Core ICAP server.
|
port |
Range: 1 - 65535 Port the server is listening to. If you are installing with other product which have ICAP interface, you must change to different port. |
block_on_max_capacity |
Range: 0 - 1 Blocking (i.e. return 403 forbidden to HTTP clients) every request coming in when Metadefender Core is overloaded (i.e. "Metascan server too busy"). A "Metascan server is too busy. Please try again later." message will be displayed in clients browsers.
|
path_to_custom_html |
Value: Absolute file path or file path relative to omsICAPServer.exe directory Path to custom HTML page to be displayed to the user when content is blocked, request rejected due to license, server too busy, etc.
|
scan_health_checks |
Range: 0 - 1 Scan client specific health checks.
|
dump_invalid_requests |
Range: 0 - 1 Outputs the invalid buffer to a file ending in "_400_Bad_Request.txt" Slight performance impact when invalid requests are processed. Should only be enabled for investigation purpose.
|
log_file |
Value: Absolute file path or file path relative to omsICAPServer.exe directory The path to the debug log file. |
skip_too_big_file |
Range: 0 - Max Unsigned Long Allows the ICAP server to skip scanning a file if the file is too large. The value specifies in bytes the threshold for skipping files. A value of 0 means this feature is off, anything greater than 0 indicates this feature is on |
use_persistent_connections |
Range: 0 - 1 This should be used for improved performance. The ICAP server keeps the connections open, so they can be reused for several requests.
|
sanitization_postfix |
Value: Custom text postfix, that will be appended to Content-Disposition header's filename if the file is sanitized. This postfix can be used to indicate if a file is sanitized. If the key is not set or set to empty string, no postfix will be appended. For example (PDF to PDF sanitization is enabled in Core workflow) and this configuration is done as follows. For the following HTTP header, sanitization_postfix=[sanitized] Content-Disposition: attachment; filename= "report.pdf" ; will be modified to Content-Disposition: attachment; filename= "report[sanitized].pdf" ; |