APM - allow ActiveSync, block OWA

Question

Hi all,
I've successfully deployed iApp fo Exchange 2013 LTM+APM. Now I would like to create policy that allow or deny access to OWA based on AD groups.
Now my policybased on ADquery allow access to both OWA and ActiveSync but I need to create 2 AD groups:
first for OWA and ActiveSync clients
second for only ActiveSync&nbsp;
No idea how to do it.&nbsp;

josiah_39459 · Answer

You can identify owa (web browser) vs activesync (microsoft exchange client) using a client check:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-2-0/apm_config_server_checks.html?sr=51220103205575&nbsp;
and you can check AD group membership with AD Query or LDAP Query:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/4.html?sr=51220171&nbsp;
Then it's just a matter of designing your VPE so the Allow and Deny are appropriate for the matches you want.&nbsp;

mikeshimkus_111 · Answer

Hi, you can edit your policy to check the landing URI of the request and perform different AD queries based on that URI. I assume that since you already have your policy working for OWA and ActiveSync, you must have this set up already and you would only need to add another leg to your policy to split those two services.

Forum Discussion

APM - allow ActiveSync, block OWA

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block IP after a number of ASM Blocks

Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall

Block traffic

domain blocking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS