Forum Discussion
Vincent_Z_17509
Nimbostratus
NimbostratusExchange 2010, O365, APM and iRule
Hello,
I'm trying to deploy BIG IP with Exchange 2010 in hybrid mode. It involves that there is only authentication for OWA and ActiveSync and no authentication for the EWS and autodiscover. It ...
For EWS and Autodiscover, you should be able to add an iRule (or disable strictness on the iApp deployment and edit the existing pool assignment iRule) to disable APM for that traffic. For example:
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/ews*" { ACCESS::disable } "/autodiscover*" { ACCESS::disable } }For OWA, you'll need to remove the logon page from the Access Policy and modify the sso_select iRule to choose the NTLM SSO instead of forms:
when ACCESS_ACL_ALLOWED { set req_uri [string tolower [HTTP::uri]] if { $req_uri contains "/owa" } { WEBSSO::select [set foo /Common/exchange_2010.app/exch_ntlm_sso] } unset req_uri }
For EWS and Autodiscover, you should be able to add an iRule (or disable strictness on the iApp deployment and edit the existing pool assignment iRule) to disable APM for that traffic. For example:
when HTTP_REQUEST {
switch -glob -- [string tolower [HTTP::path]] {
"/ews*" {
ACCESS::disable
}
"/autodiscover*" {
ACCESS::disable
}
}
For OWA, you'll need to remove the logon page from the Access Policy and modify the sso_select iRule to choose the NTLM SSO instead of forms:
when ACCESS_ACL_ALLOWED {
set req_uri [string tolower [HTTP::uri]]
if { $req_uri contains "/owa" } {
WEBSSO::select [set foo /Common/exchange_2010.app/exch_ntlm_sso]
}
unset req_uri
}
AndreiPatergin_Nimbostratus
NimbostratusHi Mike, thanks a lot for the quick reply. You gave me the best solution recommendation. I really appreciate it. I created an iRule with your coding and now when I want to assign it to the combined vip do I just attach it with the rest of the iRules. Does the order matter?
