The ICAP Protocol

ICAP (Internet Content Adaptation Protocol) is a protocol aimed at supporting HTTP content adaptation. In brief, the protocol works as follows. An ICAP client passes an HTTP message to the ICAP server. The server processes the message and sends a response back to the client. Messages can be either HTTP requests or HTTP responses. An ICAP client can be either a Web proxy server or a Web client. An ICAP server can support services which are explicitly requested by clients.

As an example of the protocol's usage, imagine the following scenario. An ICAP server implements two services: an access control service, and an antivirus service. Hosts inside a network have access to the Internet through a Web proxy server. This Web proxy server acts as an ICAP client, which communicates with the ICAP server.

According to the above scenario, the access control service provided by the ICAP server checks whether a Web client can connect to a Web site requested by the client. More specifically, the Web client sends an HTTP request to the proxy server. Then, the proxy server forwards the HTTP request to the ICAP server and asks for the access control service. The access control service of the ICAP server checks whether the client can visit or not the requested site. Eventually, the ICAP server either allows the proxy server to proceed with the request or otherwise, responds with an informative HTTP message, which is redirected to the Web client by the proxy server.

The antivirus service, on the other hand, checks whether data passed through the proxy server are affected by a virus. When an HTTP response comes to the proxy server, the proxy server forwards the response to the ICAP server and asks for the antivirus service. The ICAP server scans the incoming data for viruses. If a virus is detected, the ICAP server responds with a Web page informing the user about the problem. If no virus is detected, the original data are sent back to the proxy server or alternatively, the proxy server is informed by the ICAP server that the original data are safe to be sent to the client.

The ICAP protocol can be easily extended so that it can manipulate other forms of data and not simply HTTP requests and responses. For instance, it could be extended to handle email messages. The format of an email message is similar to the format of an HTTP response. Email headers follow the format used by the HTTP protocol, while the body of an email message corresponds to an HTTP object body. In general, every object or piece of data can be described as an HTTP object. For example, a simple file can be enclosed into an object that includes the actual content of the file as well as file descriptors (Content-Length, Content-Type, Content-Language, and Date) in the form of HTTP headers.

© 2007 - Tsantilas Christos.