Forum Discussion

Aaron_Warner_11's avatar
Aaron_Warner_11
Icon for Nimbostratus rankNimbostratus
Nov 14, 2013

Exchange HTTP redirect method for multitenancy irule

Hi Guys Wonder if someone can help me make this more correct. The goal is to have a single external IP that receives http redirect request from autodiscover clients and then redirects them to the correct https autodiscover url. So the client trys to connect via https to autodiscover.domain then when that fails it trys http,dns record points to an http virtual server then gets redirected to the correct https url. I've used this method with ISA previously. I know bugger all about irules so bare with me. This is what I've got so far. I'm using a datagroup list for the domains that belong to the exchange org in question. So in this example there are two seperate exchange orgs.

 

when HTTP_REQUEST { if { [class match [string tolower [HTTP::host]] equals AutoDiscover_tenants01] && [HTTP::uri] equals "/autodiscover/autodiscover.xml"}{ HTTP::respond 302 Location "https://autodiscover.environment1.com/autodiscover/autodiscover.xml" } if { [class match [string tolower [HTTP::host]] equals AutoDiscover_tenants02] && [HTTP::uri] equals "/autodiscover/autodiscover.xml"}{ HTTP::respond 302 Location "https://autodiscover.environment2.com/autodiscover/autodiscover.xml" } }

 

3 questions. 1. This irule is not taking any notice of the /autodiscover/autodiscover.xml requirement in the URI. So if just typing autodiscover.domain.com it will still redirect, I'd rather it only redirect if the autodiscover HOST AND URI is present . 2. I have a datagroup that only list domains, it's a waste to have a seperate datagroup for domains and then another for autodiscover. How can I use my existing datagroup in the HTTP::host domain. i.e "autodiscover." + datagroupdomain 3. Any recommended improvements I can make to this?

 

  • I can't see anything wrong with the logic - here's a idea to move you forward with the Rule though and including some logging;-

    when HTTP_REQUEST {
    
    if { [class match [string tolower [HTTP::host]] equals dg_autoDiscover_tenants] && [HTTP::uri] equals "/autodiscover/autodiscover.xml"} {
        log local0. "Redirecting [HTTP::host][HTTP::uri] to [class match -value [string tolower [HTTP::host]] equals dg_autoDiscover_tenants]"
        HTTP::respond 302 Location [class match -value [string tolower [HTTP::host]] equals dg_autoDiscover_tenants] 
    return
    }  
    }
    

    So your datagroup dg_autoDiscover_tenants would have Hosts as keys, and URIs ie https://autodiscover.environment2.com/autodiscover/autodiscover.xml as values. Check for logging output in /var/log/ltm.

5 Replies

  • I can't see anything wrong with the logic - here's a idea to move you forward with the Rule though and including some logging;-

    when HTTP_REQUEST {
    
    if { [class match [string tolower [HTTP::host]] equals dg_autoDiscover_tenants] && [HTTP::uri] equals "/autodiscover/autodiscover.xml"} {
        log local0. "Redirecting [HTTP::host][HTTP::uri] to [class match -value [string tolower [HTTP::host]] equals dg_autoDiscover_tenants]"
        HTTP::respond 302 Location [class match -value [string tolower [HTTP::host]] equals dg_autoDiscover_tenants] 
    return
    }  
    }
    

    So your datagroup dg_autoDiscover_tenants would have Hosts as keys, and URIs ie https://autodiscover.environment2.com/autodiscover/autodiscover.xml as values. Check for logging output in /var/log/ltm.

  • Do you know that you can use both DNS A records for autodiscover.domain.com or SRV record for _autodiscover._tcp.domain.com ( or something like that ). This may give you more flexibility as you can assign priorities and weights to the SRV records. Might be worth investigating.

     

  • That's exactly what I was looking for.

     

    However, I need something more complex...

     

    Same rule for the multitenancy but I also need to granulary look at the user calling that autodiscover URI...

     

    It is for exchange a migration purpose. If one user of an organization is migrated to a new server but not the second one, I only need the autodiscover to be redirected for the first user.

     

    So I would use a new data group which one would have the list of emails to be redirect.

     

    Is it possible ?

     

    Thanks