Monitoring HTTP GET in Vontu DLP - Web Prevent
Just curious if anyone has any information on monitoring HTTP GET requests using DLP Web Prevent (ICAP from Proxy).
The documentation (and configuration) has an option to enable HTTP GET scanning- but what does this mean exactly?
Does it search just "in the URI" itself ? Or does it search within other headers (eg. Cookies, XHeaders, etc)?
Further, do we know if it can handle encodings- even basic ones like Base64 in those fields?
Finally, does Vontu for GETs perform any sort of "sessionization", in other words- linking multiple GET requests together that may be part of the same session to determine leakage.
We are are currently monitoring HTTP POSTS (and evaluating HTTPS - SSL decryption on proxy), and now looking into feasibility of HTTP GETS. Just looking for some information from other users who may be heading down the same path.