Forum Discussion
Kevin_Stewart
Jun 25, 2014Employee
I'm not sure it's a matter of priority or order of operation as much as it is perhaps some missing pieces. Assuming you have a server SSL profile applied to the VIP, the activesync and OA path conditions are not explicitly disabling server side SSL. I've reworked your code to include all conditions in a single iRule:
when HTTP_REQUEST {
OAB and Autodiscover do not require persistence.
switch -glob -- [string tolower [HTTP::path]] {
"/microsoft-server-activesync" {
Direct all ActiveSync clients to a common pool; use Auth
header value if it exists (Basic auth only, which is the
default); otherwise we fall back to client IP
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [HTTP::header exists "Authorization"] } {
persist uie [HTTP::header "Authorization"] 7200
} else {
persist source_addr
}
pool exchange_as_pool
COMPRESS::disable
CACHE::disable
disable serverssl serverside
SSL::disable serverside
return
}
"/EWS/mrsproxy.svc" {
If the request is for a proxy.svc URI select a separate pool
and leave serverssl enabled
pool exchange2010_secure_pool
}
default {
This final section takes all traffic that has not otherwise
been accounted for and sends it to the pool for Outlook Web App
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool exchange2010_owa_pool
disable serverssl serverside
SSL::disable serverside
}
}
}
when HTTP_RESPONSE {
if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate" } {
ONECONNECT::reuse disable
ONECONNECT::detach disable
NTLM::disable
}
if { [HTTP::header exists "Transfer-Encoding"] } {
HTTP::payload rechunk
}
}