Forum Discussion

M451_315544's avatar
M451_315544
Icon for Cirrus rankCirrus
Apr 04, 2018

Block Active-Sync on Virtual Server

Currently we have updated the iRule that was created via a template (probably through iApps at some point) with this code.   switch -glob -- [string tolower [HTTP::path]] { "/microsoft...
application delivery
iRules
LTM
  • M451_315544's avatar
    M451_315544
    Apr 05, 2018

    I was able to resolve this using this updated iRule.

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "/microsoft-server-activesync"  } {
    drop
    }
   }
M451_315544's avatar
M451_315544
Icon for Cirrus rankCirrus
Apr 04, 2018

Full iRule here. 

when HTTP_REQUEST {


     Offline Address Book and Autodiscover do not require persistence.

    switch -glob -- [string tolower [HTTP::path]] {

         "/microsoft-server-activesync*" {
            drop
        } 
        "/microsoft-server-activesync*" {
            reject
        }

        "/owa*" {
             Outlook Web Access
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr 255.255.255.255 3600
            }
            pool email.REDACTED_owa_pool
            return
        }

        "/ecp*" {
             Exchange Control Panel.
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr 255.255.255.255 3600
            }
            pool email.REDACTED_owa_pool
            return
        }

        "/ews*" {
             Exchange Web Services. 
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr
            }
            pool email.REDACTED_owa_pool
            COMPRESS::disable
            return
        }
        "/oab*" {
             Offline Address Book.
            pool email.REDACTED_owa_pool          
            return
        }

        "/rpc/rpcproxy.dll" {
         Outlook Anywhere.
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
                } elseif { [string tolower [HTTP::header "Authorization"]] starts_with "basic" } {
                persist uie [HTTP::header "Authorization"] 7200
                } else {
                persist source_addr
                }
               
            pool oa_pool_name          
            COMPRESS::disable
            return
        }

        "/autodiscover*" {
             Autodiscover.
            pool email.REDACTED_autodiscover_pool            
            return
        }

        default {
             This final section takes all traffic that has not otherwise
             been accounted for and sends it to the pool for Outlook Web App
            if { [HTTP::header exists "APM_session"] }  {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr
            }
            pool email.REDACTED_owa_pool           
        }
   }
}

when HTTP_RESPONSE {
    if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} {
        ONECONNECT::reuse disable
        ONECONNECT::detach disable
         this command disables NTLM conn pool for connections where OneConnect has been disabled
        NTLM::disable
    }
     this command rechunks encoded responses
    if {[HTTP::header exists "Transfer-Encoding"]} {
        HTTP::payload rechunk
    }        
}