Forum Discussion

Nimbostratus

Nov 14, 2014

Block access to Activesync with f5.microsoft_exchange_2010_2013_cas.v1.3.0 iapp

Hello,

I am looking to block our external users from using active-sync via our F5 appliance after switching to using the F5 for external access and load balancing for our Exchange 2010 environment. We are using Airwatch for activesync and since installing the F5 for our external email access it now allowing users to access email on a IOS/Android device bypassing Airwatch security.

Thanks for any suggestions!

application delivery

BIG-IP Access Policy Manager (APM)

mikeshimkus_111
Nov 14, 2014
Hi Keith, you could create an iRule like this one and attach it to the virtual server using the iApp's advanced mode. Or, you could modify the pool assignment iRule created by the iApp, however that will require disabling strictness on the deployment.

when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { drop } } }

mikeshimkus_111
Historic F5 Account
Nov 14, 2014
Hi Keith, you could create an iRule like this one and attach it to the virtual server using the iApp's advanced mode. Or, you could modify the pool assignment iRule created by the iApp, however that will require disabling strictness on the deployment.

when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { drop } } }
- Keith_Fox_15580
  Nimbostratus
  Nov 14, 2014
  This appears to be working perfectly, thanks for the quick response!
Yann_Desmarest
Cirrus
Nov 14, 2014
Hello,

You can use : - ASM - LTM policies - irules

to block access to /Microsoft-Server-ActiveSync url