Forum Discussion

islam_nadim's avatar
islam_nadim
Icon for Cirrus rankCirrus
Oct 14, 2020

Block OWA Users Based on Domain

Hello All,

 

Is there a way to block the users accessing the OWA through the F5 using their domain?

 

For example, I have 2 domains; domain1.com and domain2.com .. I want only users from domain1.com to be able to use OWA, but users from domain2.com to be blocked.

 

Is this possible on ASM/LTM level?

application delivery
ASM Advanced WAF
iRules
LTM
security
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Oct 14, 2020

    Hi islam.nadim,

    ASM:

    Security  ››  Application Security ›› Headers ›› Host Names

    add host names

    Security  ››  Application Security ››  Policy Building ›› Learning and Blocking Settings

    ›› Headers

    ›› Illegal host name

    Enable alarm and block settings

    Save Policy

    Apply Policy

    LTM:

    iRule:

    when HTTP_REQUEST {
	if { [HTTP::host] ne "domain1.com" } {
		drop
	}
}

    Policy:

    • islam_nadim's avatar
      islam_nadim
      Icon for Cirrus rankCirrus
      Oct 15, 2020

      Hello  ,

       

      Thank you for the reply, maybe I haven't cleared exactly what I'm looking to achieve. It is not related to DNS or FQDNs. It is related to logging in to the OWA. So, if a user types <Username>@domain1.com, he can access .. But if he types <Username>@domain2.com, ASM should block such traffic ..

       

      I mean, I want only <Username>@domain1.com to be working, but any other domain to be dropped showing ASM block page.

       

      Hope this clears what I'm looking to achieve.

      • Ivan_Chernenkii's avatar
        Ivan_Chernenkii
        Icon for Employee rankEmployee
        Oct 29, 2020

        Hello,

         

        Do you have any login page in your ASM configuration?

        If you deal with logging, then better to configure appropriate login page.

         

        Thanks, Ivan