Forum Discussion

JT_199720
Jul 11, 2018

Restrict Access to ActiveSync to one IP when using Exchange 2013 iapp in combined mode

I am trying to find a way to restrict access to Active Sync services to only the IP of our MDM server. We are using the Exchange 2013 iapp template; this is configured in combined services mode where all services share the same name/IP. Any guidance would be greatly appreciated.

The current iRule applied to the VS is:

    # Exchange 2013 iRule to select pool without persistence when all Exchange
    # HTTP-based services are accessed through the same virtual server.
    # (Excerpt: only the ActiveSync case of the switch is shown.)
    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::path]] {
            "/microsoft-server-activesync*" {
                TCP::idletime 1800
                pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7

                CACHE::disable
                return
            }
        }
    }

Would something like this work:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] eq "/microsoft-server-activesync" and !([IP::client_addr] eq "x.x.x.x") } {
            drop
        }

        TCP::idletime 1800
        pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7

        CACHE::disable
        return
    }

Thanks in Advance

1 Reply

  • Hi,

    You can try this:

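    when HTTP_REQUEST {
        # Normalize case once so both checks compare against the same value
        set path [string tolower [HTTP::path]]

        if { $path starts_with "/microsoft-server-activesync" && !([IP::addr [IP::client_addr] equals 10.1.1.1/32]) } {
            # ActiveSync request from any source other than 10.1.1.1: drop it
            drop
        } elseif { $path starts_with "/microsoft-server-activesync" } {
            # ActiveSync request from the allowed address: use the ActiveSync pool
            TCP::idletime 1800
            pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
            CACHE::disable
            return
        }
    }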
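
Added example, not part of the original thread and not the iApp's generated iRule: the same restriction placed inside the existing `switch` case, with the allowed sources held in an address data group and blocked clients logged. The data group name `/Common/mdm_activesync_allow` is hypothetical and is assumed to be an address-type data group containing the MDM server's IP.

```tcl
# Added example. Assumption: /Common/mdm_activesync_allow is an
# address-type data group (hypothetical name) listing the MDM server(s).
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            # class match against an address data group compares by
            # IP/subnet rather than by string, so host and network
            # entries both work and no address is hard-coded here.
            if { not [class match [IP::client_addr] equals /Common/mdm_activesync_allow] } {
                # Record the blocked source so unexpected clients are
                # visible in /var/log/ltm, then drop the connection.
                log local0.warning "ActiveSync blocked for client [IP::client_addr]"
                drop
                return
            }

            # Allowed source: same handling as the current iRule.
            TCP::idletime 1800
            pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
            CACHE::disable
            return
        }
        default {
            # Placeholder: in the real iRule, the remaining Exchange
            # service cases from the current iRule stay here unchanged.
        }
    }
}
```

Keeping the check inside the ActiveSync case means the other Exchange services on the shared virtual server are unaffected, and changing the allowed address only requires editing the data group.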