Protecting Corporate Networks Easily with Diladele Web Safety

The Diladele Web Safety ICAP configuration guide details how to integrate and manage the ⁠Diladele Web Safety ICAP daemon (wsicapd) with a caching proxy server, most commonly Squid Proxy, to provide content filtering and threat protection. Architectural Overview

Traffic Flow: A client browser sends HTTP/HTTPS requests to the Squid proxy.

The ICAP Channel: Squid intercepts the traffic and passes the request (REQMOD) and response (RESPMOD) details via the ICAP protocol to the Web Safety daemon.

Policy Decision: The Web Safety ICAP server checks the URL against policies, inspects HTML or files, and signals Squid to either allow the connection or return a “Blocked” page. Core Configuration Steps 1. Network and Service Setup

ICAP Daemon Port: By default, the wsicapd filter listens locally on Port 1344. If deploying a multi-server setup, the daemon can be reconfigured via the Admin UI (Settings > Network > Port) to bind to a public IP or custom port.

DNS Resolution: The proxy appliance relies heavily on robust DNS settings; both A and PTR (reverse lookup) records must be configured so Active Directory integrations and domain-filtering policies parse data correctly. 2. Integrating with Squid Proxy

The core integration requires mapping Squid to the Web Safety ICAP server using specific entries inside the squid.conf configuration file. The baseline directives usually look like this:

icap_enable on icap_send_client_ip on icap_send_client_username on icap_service ws_req reqmod_precache icap://127.0.0.1:1344/reqmod icap_service ws_resp respmod_precache icap://127.0.0.1:1344/respmod adaptation_access ws_req allow all adaptation_access ws_resp allow all Use code with caution.

Client Metadata: The icap_send_client_ip and icap_send_client_username options are critical. They pass user contexts to the ICAP daemon so group-specific blocking profiles can be enforced. 3. Managing Filtering Policies

Once the ICAP bridge is operational, all remaining definitions are managed via the web-based Python Django Admin UI: www.diladele.com WebSafety UI – Web Safety