Posts Tagged ‘Web’

Route Tracking using HTTP Tracing

The HTTP/1.1 protocol has its own tracing method, called TRACE, which provides route tracing on request. Of course, many people simply use the traceroute commands available on most operating systems; however, these only track hops at the network router level. The HTTP TRACE method provides much more detailed tracking and can even pick up intermediate servers between the various router hops. This can be very useful in a wide variety of situations:

  • You can determine exactly which proxy route an HTTP request is taking.
  • Identify all servers in the chain, including their software, HTTP and OS versions.
  • Detect infinite loops.
  • Track down any invalid responses on the route.
  • Identify any router, hub or proxy server that is causing a routing issue.

In some senses the TRACE method is very much like the more familiar GET method, but here the target server is simply supplied as a parameter. You can set the maximum number of hops to be followed using the Max-Forwards header. This setting is essential if you need to detect and track down the causes of infinite loops without getting stuck in them yourself: without it, your troubleshooting request would be stuck in the loop too, especially when you are dealing with proxy chains. There are other benefits to this method. Imagine, for example, trying to troubleshoot issues in an international proxy chain spread across Europe, where you suspect the issue lies between the French and German proxies, as in this example: http://thenewproxies.com/german-proxy/.

Using the TRACE method you can fine-tune your troubleshooting further by using telnet. The HTTP TRACE request can be sent over telnet: log in manually and issue the request at the command line. You will then receive a response directly from that specific server in the chain, carrying an HTTP message that indicates what happened to the request when it reached the final server. You can refine this even further with the Via header, which indicates the exact route taken, or lets you specify a route if you suspect a specific server or router of being the problem.
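As an added example (not code from the original post), the following Python simulates how Max-Forwards and Via behave as a TRACE request passes through a chain of proxies: each proxy decrements Max-Forwards and records itself in Via, and the hop that receives Max-Forwards: 0 answers as the final recipient, echoing the request it received. The proxy names and both chains are constructed; one chain is deliberately misconfigured so that two proxies forward to each other, which shows why a TRACE sent without Max-Forwards cannot escape the loop while one sent with it returns a response whose Via list exposes the repeating hops.

```python
"""Simulation of an HTTP/1.1 TRACE request crossing a chain of proxies.

Added example, not code from the original post. Proxy names and the two
chains are constructed. Semantics follow RFC 7231: a proxy that receives
Max-Forwards: 0 must not forward and answers as the final recipient, echoing
the request it received as a message/http body; otherwise it decrements the
value and forwards, adding itself to Via (RFC 7230 section 5.7.1).
"""
from typing import Dict, List, Optional, Tuple

CRLF = "\r\n"
Headers = List[Tuple[str, str]]

# Constructed chains. LOOPING_CHAIN is deliberately misconfigured: proxy-b forwards back to proxy-a.
LINEAR_CHAIN: Dict[str, Optional[str]] = {"proxy-uk": "proxy-fr", "proxy-fr": "proxy-de",
                                          "proxy-de": "origin", "origin": None}
LOOPING_CHAIN: Dict[str, Optional[str]] = {"proxy-a": "proxy-b", "proxy-b": "proxy-a"}


def build_trace_request(host: str, max_forwards: Optional[int], path: str = "/") -> str:
    """Serialise a TRACE request; Max-Forwards is omitted when None."""
    lines = [f"TRACE {path} HTTP/1.1", f"Host: {host}"]
    if max_forwards is not None:
        lines.append(f"Max-Forwards: {max_forwards}")
    return CRLF.join(lines) + CRLF + CRLF


def parse_message(raw: str) -> Tuple[str, Headers, str]:
    """Split a raw HTTP message into start line, ordered headers and body."""
    head, _, body = raw.partition(CRLF + CRLF)
    start, *lines = head.split(CRLF)
    headers = [(n.strip(), v.strip()) for n, _, v in (l.partition(":") for l in lines)]
    return start, headers, body


def serialise(start: str, headers: Headers, body: str) -> str:
    return CRLF.join([start] + [f"{n}: {v}" for n, v in headers]) + CRLF + CRLF + body


def header_value(headers: Headers, name: str) -> Optional[str]:
    return next((v for n, v in headers if n.lower() == name.lower()), None)


def set_header(headers: Headers, name: str, value: str) -> Headers:
    return [(n, v) for n, v in headers if n.lower() != name.lower()] + [(name, value)]


def reflect(request: str) -> str:
    """Final-recipient behaviour for TRACE: echo the request back as the body."""
    return serialise("HTTP/1.1 200 OK",
                     [("Content-Type", "message/http"), ("Content-Length", str(len(request)))],
                     request)


def proxy_handle(chain: Dict[str, Optional[str]], hop: str, request: str, budget: int) -> str:
    """Handle `request` at `hop`: reflect if final, otherwise forward to chain[hop].

    `budget` exists only so this simulation fails loudly when a request without
    Max-Forwards enters a looping chain; a real proxy has no such safety net.
    """
    if budget <= 0:
        raise RuntimeError("no Max-Forwards and the chain loops: request would circulate forever")
    start, headers, body = parse_message(request)
    max_forwards = header_value(headers, "Max-Forwards")
    next_hop = chain[hop]
    if next_hop is None or max_forwards == "0":
        return reflect(request)
    if max_forwards is not None:
        headers = set_header(headers, "Max-Forwards", str(int(max_forwards) - 1))
    headers.append(("Via", f"1.1 {hop}"))          # each proxy records itself, in order
    return proxy_handle(chain, next_hop, serialise(start, headers, body), budget - 1)


def via_chain(headers: Headers) -> List[str]:
    """Collect the received-by tokens from every Via field, in order."""
    hops = []
    for n, v in headers:
        if n.lower() == "via":
            for entry in v.split(","):
                parts = entry.split()
                if len(parts) >= 2:
                    hops.append(parts[1])       # "1.1 proxy-fr" -> "proxy-fr"
    return hops


def run_trace(chain: Dict[str, Optional[str]], entry: str, host: str,
              max_forwards: Optional[int]) -> dict:
    """Send a TRACE into `chain` at `entry` and summarise the echoed request."""
    response = proxy_handle(chain, entry, build_trace_request(host, max_forwards), budget=64)
    status, _, echoed = parse_message(response)
    _, echoed_headers, _ = parse_message(echoed)
    hops = via_chain(echoed_headers)
    return {"status": status, "hops": hops, "loop": len(hops) != len(set(hops)),
            "remaining_max_forwards": header_value(echoed_headers, "Max-Forwards")}


if __name__ == "__main__":
    print(run_trace(LINEAR_CHAIN, "proxy-uk", "www.example.com", 10))
    print(run_trace(LOOPING_CHAIN, "proxy-a", "www.example.com", 5))
```

In the linear chain the echoed request lists the three proxies in Via and a Max-Forwards reduced by three; in the looping chain a Max-Forwards of 5 comes back as 0 with the same two proxies repeating in Via, which is the signature of the loop. The same request with no Max-Forwards never returns, which the simulation reports as an error instead of hanging.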

Source: http://www.youtube.com/watch?v=R-6JjuQGHJw


How Does ICAP Work?

In brief, the protocol works as follows. An HTTP message is passed by an ICAP client to the ICAP server. The server processes the message and sends a reply back to the client. An ICAP client can be either a Web proxy server or a Web client. An ICAP server can support services that are explicitly requested by clients.

As an instance of the protocol's use, envision the following situation. An ICAP server implements two services: an access control service and an antivirus service. Hosts inside a network have access to the Internet via a Web proxy server.

Based on the above situation, the access control service supplied by the ICAP server checks whether a Web client may connect to a Website requested by the client. More particularly, the Web client sends an HTTP request to the proxy server. The access control service of the ICAP server checks whether or not the client may see the site. Finally, the ICAP server either allows the proxy server to continue with the request or otherwise responds with an informative HTTP message, which the proxy server relays to the Web client.

The antivirus service, on the other hand, checks whether data passing through the proxy server is infected with a virus. The ICAP server scans the incoming data for viruses. If a virus is detected, the ICAP server responds with a Web page telling the user about the problem. In order to improve the checks, it's best to send the test virus from a variety of sources. So, for example, you could buy a US IP and generate the test virus from an American server in order to protect the perimeter. Many IT security professionals routinely buy proxy services and VPNs in order to test the integrity of both their internal and external security.
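The two-service scenario above, as an added example that is not code from the original post: a toy ICAP/1.0 exchange (RFC 3507) in Python in which the proxy sends the client's request to an access-control service (REQMOD) and the fetched content to an antivirus service (RESPMOD). The ICAP host name, the blocked site and the "virus" marker string are constructed; the server answers 204 No Content when the message may pass unmodified, or 200 OK with an encapsulated HTTP response that the proxy relays to the Web client instead.

```python
"""Toy ICAP/1.0 exchange (RFC 3507) between a Web proxy and an ICAP server.

Added example, not code from the original post. The ICAP host, the blocked
site and the "virus" marker are constructed. ICAP answers 204 No Content when
the message may pass unmodified, or 200 OK carrying a replacement HTTP
response that the proxy relays to the Web client in place of the original.
"""
from typing import Dict, List, Optional, Tuple

CRLF = "\r\n"
ICAP_HOST = "icap.example.net"                 # constructed
BLOCKED_HOSTS = {"blocked.example"}            # constructed access-control list
VIRUS_MARKER = b"CONSTRUCTED-VIRUS-MARKER"     # constructed stand-in for a signature

def http_head(start: str, headers: Dict[str, str]) -> bytes:
    """Serialise a start line plus headers, ending with the blank line."""
    return (start + CRLF + "".join(f"{k}: {v}{CRLF}" for k, v in headers.items()) + CRLF).encode()

def chunked(body: bytes) -> bytes:
    """Encode a body as one chunk plus the zero-length terminator (RFC 3507 4.5)."""
    return f"{len(body):x}{CRLF}".encode() + body + CRLF.encode() + f"0{CRLF}{CRLF}".encode()

def dechunk(data: bytes) -> bytes:
    """Decode chunked data; ICAP reuses HTTP/1.1 chunking for encapsulated bodies."""
    out = b""
    while data:
        size_line, _, data = data.partition(CRLF.encode())
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        out, data = out + data[:size], data[size + len(CRLF):]
    return out

def icap_message(start: str, headers: Dict[str, str], parts: List[Tuple[str, bytes]],
                 body: Optional[Tuple[str, bytes]]) -> bytes:
    """Build an ICAP message; Encapsulated records the byte offset of every part."""
    payload, offsets = b"", []
    for name, block in parts:
        offsets.append(f"{name}={len(payload)}")
        payload += block
    if body is None:
        offsets.append(f"null-body={len(payload)}")
    else:
        offsets.append(f"{body[0]}={len(payload)}")
        payload += chunked(body[1])
    return http_head(start, {**headers, "Encapsulated": ", ".join(offsets)}) + payload

def parse_icap(raw: bytes) -> Tuple[str, Dict[str, bytes]]:
    """Return the start line and the encapsulated parts, sliced by their offsets."""
    head, _, payload = raw.partition((CRLF * 2).encode())
    start, *lines = head.decode().split(CRLF)
    headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines)}
    entries = [e.strip().split("=") for e in headers.get("encapsulated", "").split(",") if e.strip()]
    parts: Dict[str, bytes] = {}
    for i, (name, offset) in enumerate(entries):
        end = int(entries[i + 1][1]) if i + 1 < len(entries) else len(payload)
        parts[name] = payload[int(offset):end]
    return start, parts

def replacement(status: int, reason: str, text: bytes) -> bytes:
    """ICAP 200 OK whose encapsulated HTTP response replaces the original message."""
    hdr = http_head(f"HTTP/1.1 {status} {reason}",
                    {"Content-Type": "text/plain", "Content-Length": str(len(text))})
    return icap_message("ICAP/1.0 200 OK", {}, [("res-hdr", hdr)], ("res-body", text))

def icap_server(raw: bytes) -> bytes:
    """Dispatch one ICAP request to the access-control or the antivirus service."""
    start, parts = parse_icap(raw)
    method = start.split(" ")[0]
    if method == "REQMOD":
        lines = parts["req-hdr"].decode().split(CRLF)
        host = next((l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("host:")), "")
        if host in BLOCKED_HOSTS:
            return replacement(403, "Forbidden", b"Access to this site is blocked by policy.")
    elif method == "RESPMOD":
        if VIRUS_MARKER in dechunk(parts.get("res-body", b"")):
            return replacement(403, "Forbidden", b"Download blocked: virus detected.")
    else:
        return http_head("ICAP/1.0 405 Method Not Allowed", {})
    return http_head("ICAP/1.0 204 No Content", {})

def proxy_outcome(icap_reply: bytes) -> Tuple[str, Optional[int]]:
    """What the proxy does with the reply: pass the original or relay the replacement."""
    start, parts = parse_icap(icap_reply)
    if int(start.split(" ")[1]) == 204:
        return ("pass", None)
    return ("replaced", int(parts["res-hdr"].split(b" ")[1]))

def check_request(host: str, path: str = "/") -> Tuple[str, Optional[int]]:
    """Proxy asks the access-control service whether a client may fetch `host`."""
    req = http_head(f"GET {path} HTTP/1.1", {"Host": host})
    msg = icap_message(f"REQMOD icap://{ICAP_HOST}/reqmod ICAP/1.0", {"Host": ICAP_HOST},
                       [("req-hdr", req)], None)
    return proxy_outcome(icap_server(msg))

def check_response(body: bytes) -> Tuple[str, Optional[int]]:
    """Proxy asks the antivirus service to scan a response fetched for a client."""
    res = http_head("HTTP/1.1 200 OK", {"Content-Length": str(len(body))})
    msg = icap_message(f"RESPMOD icap://{ICAP_HOST}/respmod ICAP/1.0", {"Host": ICAP_HOST},
                       [("res-hdr", res)], ("res-body", body))
    return proxy_outcome(icap_server(msg))
```

The Encapsulated header is the heart of the protocol: it tells the receiver where each embedded HTTP header block and body starts inside the ICAP payload, so `parse_icap` can slice them out without re-parsing HTTP. `check_request("blocked.example")` and `check_response` on content containing the marker both come back as a relayed 403, while clean traffic is passed through on a 204.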

The ICAP protocol is easily extended so that it can handle other kinds of data, not just HTTP requests and responses. For instance, it might be extended to handle e-mail messages, since the format of an e-mail message is very similar to the format of an HTTP response. In general, any object or piece of data can be wrapped as an HTTP object. For instance, a simple file can be enclosed in an object that contains the actual content of the file together with its descriptors (Content-Length, Content-Type, Date, Content-Language) in the form of HTTP headers.