For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joshua_Bines_12's avatar
Joshua_Bines_12
Icon for Cirrus rankCirrus
Mar 07, 2017

 

priority 899
when HTTP_REQUEST {
     Bar admin access:
    if { [string tolower [HTTP::uri]] starts_with "/ecp/?exch" } {
     Bar access from everybody:
    if { [HTTP::uri] starts_with "/ecp" } {
        HTTP::respond 403 content {
            
               
                  External ECP Access Disabled
               
               
                  External Exchange Control Pannel (ECP)
                  We are sorry, for security reasons external ECP access is disabled.
                  To return click 
               
            
        } "Content-Type" "text/html" Connection close
    } 
}

 

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Mar 07, 2017

    Well, you may well add the "string tolower" bit, but I should think such a URL ought to be case-sensitive. I never tested it though.

     

  • Joshua_Bines_12's avatar
    Joshua_Bines_12
    Icon for Cirrus rankCirrus
    Mar 07, 2017

    Thanks for the reply. From our testing, it showed that if you used "ecp/?exchclientver=15" or "ECP/?ExchClientVer=15" the irule would not match and grant users access.

     

    Once all our mailboxes have been migrated to exchange 2016 we will bar all external users to the ecp directory