JoeTheFifth
Oct 27, 2018Altostratus
iRule is here: formatting is a bit off for now.
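# Per-connection initialisation: creates a random 9-digit tag used to correlate
# the log lines of one connection, and sets the defaults read by later events.
when CLIENT_ACCEPTED {
    # The expression is braced so that expr performs the only substitution pass
    # and the expression can be byte-compiled. rand() is not a cryptographic
    # source: client_id is a log-correlation tag only, never a secret.
    set client_id [format %09d [expr { int(rand() * 1e9) }]]

    # NOTE(review): the value of [ACCESS::session sid] identifies an APM
    # session; the resulting log line should be handled as sensitive data.
    log local0. "--------------------------------- CLIENT_ACCEPTED ---------------- $client_id ------------------------------ [ACCESS::session sid]"

    # office: becomes 1 in HTTP_REQUEST when the User-Agent matches an Office client.
    set office 0
    # connectiontype: 3 is a starting value other than 0; HTTP_RESPONSE_RELEASE
    # only acts on 0, which ACCESS_POLICY_COMPLETED may store later.
    set connectiontype 3
}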
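# Request handling: logs the request, classifies Office clients by User-Agent,
# disables APM for "mswac" / Trusted-cookie requests, and answers Office
# clients that have no MRHSession cookie with a 403 carrying the
# X-Forms_Based_Auth_* headers.
when HTTP_REQUEST {
    log local0. "--------------------------------- REQUEST ---------------- $client_id ------------------------------ [ACCESS::session sid]"
    set request "http://[HTTP::host][HTTP::uri]"
    log local0. "requesteduri: [HTTP::uri]"

    # NOTE(review): these loops write every request header and cookie value to
    # local0, which includes the MRHSession cookie and any Authorization header.
    # Keep this on only while debugging and restrict access to the log.
    foreach aHeader [HTTP::header names] {
        log local0. "Header $aHeader [HTTP::header value $aHeader]"
    }
    foreach cookie [HTTP::cookie names] {
        log local0. "Cookie $cookie [HTTP::cookie value $cookie]"
    }

    # Lower-cased once and reused by the switch and the mswac test below.
    set ua_lc [string tolower [HTTP::header "User-Agent"]]

    # NOTE(review): office is only ever set to 1 here and reset in
    # CLIENT_ACCEPTED, so it stays 1 for later requests on the same
    # connection - confirm that is intended.
    switch -glob $ua_lc {
        "*webdav-miniredir*" -
        "*word*" -
        "*excel*" -
        "*office upload*" -
        "*office existence discovery*" -
        "*office protocol discovery*" -
        "*soap toolkit*" -
        "*ms-office*" -
        "*microsoft office onenote*" -
        "*frontpage*" -
        "*msfrontpage*" -
        "*shareplus*" {
            set office 1
        }
    }

    # NOTE(review): both inputs to this test are supplied by the client. The
    # User-Agent string and the Trusted cookie (constant value 1) can be sent by
    # anyone, and the branch ends in ACCESS::disable. Unless the backend
    # authenticates on its own, base this decision on something the BIG-IP can
    # verify, e.g. the source address of the Office Web Apps servers or a
    # server-side session lookup, rather than on a bare cookie value.
    if { $ua_lc eq "mswac" or [HTTP::cookie "Trusted"] eq 1 } {
        log local0. "We have an office Web Apps Call or a Trusted cookie"
        switch -glob [string tolower [HTTP::uri]] {
            "*reauthpage*" {
                log local0. "reauthpage here"
                HTTP::redirect https://[HTTP::host]/_layouts/15/error.aspx
            }
        }
        ACCESS::disable
        log local0. "APM disabled"
    } else {
        # "contains" is a literal substring test, not a glob: the original
        # operand "*reauthpage*" could only match a URI holding the asterisks
        # themselves. The URI is lower-cased to agree with the switch above.
        if { [string tolower [HTTP::uri]] contains "reauthpage" } {
            if { [HTTP::cookie exists "MRHSession"] } {
                HTTP::redirect https://[HTTP::host]/_layouts/15/error.aspx
            }
        }
        if { $office eq 1 } {
            if { not [HTTP::cookie exists "MRHSession"] } {
                # NOTE(review): [HTTP::host] comes from the request; if this
                # virtual server accepts arbitrary Host values, build these
                # URLs from a fixed hostname instead.
                set head1 "X-Forms_Based_Auth_Required"
                set val1 "https://[HTTP::host]/reauthpage?ReturnUrl=/_layouts/15/error.aspx"
                set head2 "X-Forms_Based_Auth_Return_Url"
                set val2 "https://[HTTP::host]/_layouts/15/error.aspx"
                HTTP::respond 403 -version "1.1" $head1 $val1 $head2 $val2
            }
        }
    }
}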
# Debug trace of the server response: banner, every header, every cookie,
# then the status code.
when HTTP_RESPONSE {
    log local0. "--------------------------------- RESPONSE ---------------- $client_id ------------------------------"

    # NOTE(review): response headers and cookie values are written to local0
    # verbatim, so any Set-Cookie session value ends up in the log. Keep this
    # on only while debugging.
    foreach hdr [HTTP::header names] {
        log local0. "Header $hdr [HTTP::header value $hdr]"
    }

    foreach ck [HTTP::cookie names] {
        log local0. "Cookie $ck [HTTP::cookie value $ck]"
    }

    log local0. "Response status: [HTTP::status]"
}
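# Final response stage: logs headers and cookies, and when connectiontype is 0
# issues the Trusted cookie and expires the two APM session cookies.
when HTTP_RESPONSE_RELEASE {
    log local0. "--------------------------------- RESPONSE_RELEASE ---------------- $client_id ------------------------------"

    # NOTE(review): header and cookie values are logged verbatim; keep this on
    # only while debugging.
    foreach aHeader [HTTP::header names] {
        log local0. "Header $aHeader [HTTP::header value $aHeader]"
    }
    foreach cookie [HTTP::cookie names] {
        log local0. "Cookie $cookie [HTTP::cookie value $cookie]"
    }

    # The opening brace of the body must sit on the same line as the condition.
    # In the posted text it was on the next line, which ends the "if" command
    # with no body (possibly a paste artefact).
    if { $connectiontype eq 0 } {
        log local0. "adding Trust cookie here."

        # NOTE(review): Trusted carries the constant value 1 and HTTP_REQUEST
        # disables APM when it sees it, so the cookie works as a bearer token
        # that any client can write itself. A value the BIG-IP can validate
        # (random, stored server-side, bound to the user) would close that gap.
        # The cookie is also issued without Secure or HttpOnly attributes.
        HTTP::cookie insert name Trusted value 1 path "/"
        # Expiry is relative: 28000 seconds from now.
        HTTP::cookie expires Trusted 28000 relative

        # Expire both APM cookies in the browser by sending them with a 1970 date.
        HTTP::header insert "Set-Cookie" "MRHSession=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; domain=mydomain.com;path=/"
        HTTP::header insert "Set-Cookie" "LastMRH_Session=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; domain=mydomain.com;path=/"
    }
}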
# New APM session: copies the Office-client flag into the session as
# session.custom.office.
when ACCESS_SESSION_STARTED {
    # NOTE(review): the session id is written to local0; treat the log as sensitive.
    log local0. "--------------------------------- SESSION_STARTED ---------------- $client_id ------------------------------ [ACCESS::session sid]"

    # Nothing to record unless HTTP_REQUEST classified the client as Office.
    # office is derived from the User-Agent header, so the stored value is a
    # client-declared hint, not a verified property.
    if { !($office equals 1) } {
        return
    }
    ACCESS::session data set session.custom.office 1
}
# Access policy finished: logs headers and cookies, stores the decision-box
# result in connectiontype, and on result 0 sends a 302 to the landing URI.
when ACCESS_POLICY_COMPLETED {
    log local0. "--------------------------------- POLICY_COMPLETED $client_id ---------------------------------------------- [ACCESS::session sid]"

    # NOTE(review): header and cookie values, and the session id above, are
    # logged verbatim; keep this on only while debugging.
    foreach hdr [HTTP::header names] {
        log local0. "Header $hdr [HTTP::header value $hdr]"
    }

    foreach ck [HTTP::cookie names] {
        log local0. "Cookie $ck [HTTP::cookie value $ck]"
    }

    # HTTP_RESPONSE_RELEASE reads connectiontype later on this connection.
    set connectiontype [ACCESS::session data get session.decision_box.last.result]
    log local0. "connectiontype: $connectiontype"

    if { $connectiontype eq 0 } {
        # Redirect to the URI recorded in session.server.landinguri.
        ACCESS::respond 302 noserver Location [ACCESS::session data get session.server.landinguri]
    }
}