Forum Discussion
Email is launched using the VIP configured in the APM on which an access policy for OWA access was set up. The client is able to authenticate and launch his resources (his mailbox). If there are any URLs in his email, he is able to access them too.
Let's say the OWA VIP is if there is any URL in Outlook, let's say https://myinternalserver.mydomain.com/home/init.jsp, and the client clicks on it, he is able to access the URL through the APM default route. When the client clicks on the URL, a new tab opens and the URL will be https://mail.domain.com/f5-w1232346453429$$/home/init.jsp, which means that APM is trying to open a connection to internal servers using a default route or some VLAN configured in the APM. Ideally this shouldn't be the case; the user should be prompted with an error page showing 'You do not have permission to access this page.' Can someone suggest how to block this URL redirection or accessibility?
Here is the VIP and the access policy configuration.
VIP:

    ltm virtual exch-cas-https {
        destination 200.200.200.20:https
        ip-protocol tcp
        mask 255.255.255.255
        persist {
            exch_owa_cookie {
                default yes
            }
        }
        profiles {
            Exchange-OWA-Rewrite { }
            Exchange-OWA-app { }
            connectivity-for-upgrade {
                context clientside
            }
            exch_owa_https {
                context clientside
            }
            http { }
            ppp { }
            serverssl {
                context serverside
            }
            tcp-lan-optimized {
                context serverside
            }
            tcp-wan-optimized {
                context clientside
            }
            websso { }
        }
        rules {
            Exchange_OWA_cookie_add
            prepend
            LogoffWorkaround
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 7
    }
Here is the screenshot of the access policy configured on the APM.
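An added example, not part of the original post: a small triage script for request paths logged on the OWA virtual server, flagging rewritten links of the `/f5-w…$$/` form shown above whose backend is not the OWA server. The hex encoding of the token, the allowed host name `owa-backend.example.internal` and the sample paths are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Rewritten-link prefix as seen in the post: /f5-w<token>$$/<backend path>
REWRITE_RE = re.compile(r"^/f5-w-?([0-9A-Fa-f]+)\$\$(/.*)?$")

# Assumption: only the OWA backend should ever be reached through this VIP.
ALLOWED_BACKENDS = {"owa-backend.example.internal"}  # hypothetical host name


def decode_backend(token):
    """Return the backend host if the token is hex of 'scheme://host', else None.

    Hex encoding of the token is an assumption, not something the post states.
    """
    try:
        origin = bytes.fromhex(token).decode("ascii")
        return urlsplit(origin).hostname
    except ValueError:  # odd-length hex, non-ASCII bytes, or malformed origin
        return None


def classify(path):
    """Classify one request path seen on the OWA virtual server."""
    m = REWRITE_RE.match(path)
    if not m:
        return ("direct", None)
    host = decode_backend(m.group(1))
    if host is None:
        return ("rewritten-unknown", None)  # cannot tell the backend: review
    if host in ALLOWED_BACKENDS:
        return ("rewritten-allowed", host)
    return ("rewritten-unexpected", host)  # proxied to a non-OWA host


# Constructed sample paths; the second uses the token exactly as posted.
SAMPLE_PATHS = [
    "/owa/auth/logon.aspx",
    "/f5-w1232346453429$$/home/init.jsp",
    "/f5-w-" + b"https://myinternalserver.mydomain.com".hex() + "$$/home/init.jsp",
    "/f5-w-" + b"https://owa-backend.example.internal".hex() + "$$/owa/",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(classify(p), p)
```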