For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hardi_ameen's avatar
hardi_ameen
Icon for Cirrus rankCirrus
Jun 21, 2017

Geo-Location restriction using iRule for MS-Exchange

Hi,

Description: in our environment the MS-Exchange has been integrated with F5 BigIP, and now deployed Geo-location to restrict the connection from any Geo-Location and only allow from the local GL while from the F5 can see two different type of traffic from MS-Exchange which are "active sync and OWA-Auth".

the Requirement: 1- Active-Sync - to be allowed from any Geo-location. 2- OWA-Auth; only to be allowed from US Geo-location.

I modified the following iRule but with no luck. when CLIENT_ACCEPTED {

 Get the country client IP
switch [whereis [IP::client_addr] country] {

     {
        set allowed 1
     }
     default { set allowed 0 }
}

}

when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "/***" } { if {$allowed == 0}{ drop HTTP::respond 403 content {Blocked!} } } }

your advice is highly appreciated!

iRules
security