McAfee DLP Prevent Web Settings

Disable ICAP scanning, and manage the types of requests that you want the appliance to handle.

Table 1: Option definitions
Option Definition
Web Settings The McAfee DLP Prevent appliance analyzes traffic from Web Gateway through the secure and unencrypted port.

Best practice: Disable all unused services.

If you choose to disable one of the channels, McAfee DLP Prevent only accepts connections from the enabled channel.

  • Services — If both channels are selected, both the secure and unencrypted ICAP ports are open.
    • Secure ICAP (port 11344) — ICAP traffic is encrypted over a TLS connection using the appliance's default certificate. Enabled by default.

      Best practice: Use the encrypted channel for your ICAP traffic.

    • Unencrypted ICAP (port 1344) — The ICAP communication is in plain text. Enabled by default.

    If neither channel is selected, the REQMOD and RESPMOD options are unavailable.

  • Methods — Specify the type of requests that you want the McAfee DLP Prevent appliance to analyze.
    • REQMOD — Enables scanning of ICAP Request Modification (REQMOD) requests to identify potential data loss incidents in content uploaded to the Internet by employees. Enabled by default. You might want to disable REQMOD if you only want to analyze RESPMOD requests.
    • RESPMOD — Enable scanning of ICAP Response Modification (RESPMOD) requests to identify potential data loss incidents in content downloaded from your organization's web servers by external users. Disabled by default.

      Best practice: Only enable RESPMOD if you have web servers that external users can download information from that you want to analyze.