Forum Discussion
4 Replies
Sort By
- Samir_Jha_52506Noctilucent
Yes. you can achieve via policy also. Please find the irule.
when CLIENT_ACCEPTED { if { ([string tolower [HTTP::host]] equals "xyz.com") && ([TCP::local_port] == 25)} { drop log local0. "connection dropped from [HTTP::host]" } }
- yosry92_331999Nimbostratus
how can i block it via policy??
- Stanislas_Piro2Cumulonimbus
Do you really require a Any port virtual server.
Starting with Exchange 2013, all exchange services are on HTTPS port.
if you require it, try this irule:
when CLIENT_ACCEPTED { if { [TCP::local_port] == 25} { TCP::respond "500 Service not available, closing transmission channel" } }
- ArieAltostratus
Blocking a single port violates the security best practices (which are often requirements) of "least privilege" and "default deny". I would recommend turning it around and allowing only what you actually need, even on a VIP that is configured to allow all ports.