MetaDefender ICAP Cloud

In addition to the standard on-premise MetaDefender ICAP Server, OPSWAT also offers a SaaS-based ICAP service, hosted alongside our MetaDefender Cloud SaaS.

Integration Requirements

Integrating your ICAP client (load balancer, WAF, ingress controller, etc) with MetaDefender ICAP Cloud follows the same process as integrating with an ICAP server hosted on-premise. However, there are a few extra steps required to authenticate and secure the communication.

Connection Information

Domain

https://icap.metadefender.com

Ports

To create a secure connection between your network and MetaDefender ICAP Cloud, the following ports are used:

  • 11344 - for standard ICAP clients using ICAP protocol (TLS-enabled ICAPS)
  • 8543 - for NGINX integration using HTTPS (TLS-enabled)

Authentication

To authenticate to the MetaDefender ICAP Cloud service, a custom X-header will need to be added to allow access to the API: X-MDCLOUD-APIKEY. The value of the key will be the API Key received from My OPSWAT. Depending on the type of integration, add the custom header as required:

  • HTTP header or ICAP header when integrating with a traditional ICAP client, or...
  • HTTP request header when integrating with NGINX

Please consult the documentation for your ICAP client (the integrated network security device) for information on adding this header. See the Custom X-header section below for common integrations.

Filtering

Unlike the traditional MetaDefender ICAP Server, where licensing is per instance, MetaDefender ICAP Cloud is a consumption-based licensing model which counts each object scanned against the purchased limit. Depending on the configuration of your web application, you may need to add filtering rules to your network security device to limit which files are being sent for scanning.

For example, you may want to limit .txt or .html files from being scanned, as they count against your consumption, but since they are text-based files, are not scanned.

Please consult the the documentation for your ICAP client (the integrated network security device) for information on adding filtering rules.

Custom X-header - 3rd Party Documentation

ProductExternal documentation
F5 BIG-IP LTMhttps://my.f5.com/manage/s/article/K57354286
F5 BIG-IP ASMhttps://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/35.html
F5 BIG-IP Nexthttps://clouddocs.f5.com/bigip-next/latest/access_management/mbip_generalpurpose___items.html#http-header-and-cookies
NGINXhttps://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
  Last updated on Nov 8, 2024
Next to read:
F5 BIG IP Integrations
On This Page
MetaDefender ICAP CloudIntegration RequirementsConnection InformationDomainPortsAuthenticationFilteringCustom X-header - 3rd Party Documentation