Server profiles
Server profiles under Inventory > Server profiles help to organize services of one or more servers based on the service type.
For example in case of security rules one or more MetaDefender Core servers are needed to scan requests. For this purpose a server inventory may be created collecting all available Core servers. Then at the rule itself simply this server profile needs to be selected.
Currently MetaDefender ICAP Server uses and allows MetaDefender Core type server profiles only.
Properties
| Property | Description |
|---|---|
| Server profile type | Service type Supported service types are:
|
| Profile name | Unique identifier of the server profile |
| Server specifications (URI) | Service specifications in URI syntax. Multiple server specification may be added to a server profile. At least one server specification must exist in a server profile. Only the following URI components are used:
Example: http://127.0.0.1:8008 In case of MetaDefender Core server profile types the very same URI will be used for the URLs of View scan details links on the Request details page under Dashboard > ICAP history. If the URI specified here is not reachable on the machine where the actual browsing of the Web Management Console happens (e.g. it is 127.0.0.1 and browsing happens on an other machine) then the View scan details link will be broken. See also the Request details section in 4.1. ICAP Dashboard. |
| Enable Local Scan | When this option is enabled, the ICAP server will skip the file streaming from MetaDefender ICAP Server to MetaDefender Core In order for using Local Scan feature, belows conditions must be met:
|
| Enable Webhook callback (BETA) | When this option is enable, MetaDefender Core will proactively send callback to MetaDefender ICAP Server's designated URL with full analysis result. Pooling method is disabled. In order for using webhook callbacks feature incase both MetaDefender ICAP Server and MetaDefender Core are installed on difference host, the IP Address of MetaDefender ICAP Server must be set to webhook_address, for details see Configuration file |
| Server preference | Preference order in which servers are addressed for services Possible values:
|
| Certificate based client authentication | If the destination server requires certificate based client host authentication then this checkbox must be marked MetaDefender ICAP Server will use the actual deployment's digital ID, for details see 3.2 Configuring TLS |
Property validation
Some of the server profile properties have cross-dependencies and as so must match.
| Server profile type | Server specifications (URI) allowed schemes |
|---|---|
| MetaDefender Core | http |
| MetaDefender Core | https |
| Server specifications (URI) scheme | Transport level encryption allowed values |
|---|---|
| http | N/A |
| https | N/A If https scheme is specified then the HTTP connection is established over TLS. |
Testing the configuration
Clicking the TEST button will test the configuration. The test consists of two steps:
- Syntactical validation of the values
- Connection test
If the test fails, then the server profile can not be added. Please verify the information entered and attempt the TEST again.
Syntactical validation
The correctness of the provided values is validated:
- PROFILE NAME must be unique
- The SERVER SPECIFICATIONS (URI) values must conform with the URI syntax with the restriction that only the scheme, host and port values are allowed
- Cross dependencies must match (see the 152617415 section)
Connection test
If the syntactical validation pass, then each server specification is tested for a successful connection.
Limitations
Currently the connection is tested without using TLS (when configured at all).