Forum Discussion

laerm_151742's avatar
laerm_151742
Icon for Nimbostratus rankNimbostratus
Aug 08, 2014

IE choking on exchange iRule

Hello community, Bit of a strange issue, and it's most probably an IE bug but I was wondering if anyone had tips on how to mitigate by tweaking the iRule in the Exchange 2013 iApp. We can't reprodu...
application delivery
BIG-IP Access Policy Manager (APM)
devops
exchange 2013
iApps
iRules
LTM
security
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Aug 08, 2014

    Hi laerm, the popup isn's using the referer header that we key on to tell us that the request came from OWA instead of EAC. Try modifying your rule to include the URL for the rule editor:

     

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "/ecp" } {
        set response "EAC Access Denied
        We are sorry, but access to the Exchange Administration Center is
        restricted to approved client IP addresses. Your IP address, 
        [IP::client_addr], is not approved."
        if { [HTTP::header exists "Referer"] } {
            if {[HTTP::header "Referer"] contains "rfr=owa" } {
                pool my_owa_pool
            }               
        } elseif {[string tolower [HTTP::uri]] contains "/ruleseditor/editinboxrule.aspx" || [class match [IP::client_addr] equals "exchange_2013_trustedAddresses"]} {
            pool my_owa_pool
        } else {
            HTTP::respond 200 content $response
        }
        unset response
    }
}

     

mikeshimkus_111's avatar
mikeshimkus_111
Historic F5 Account
Aug 08, 2014
I've found a few more instances where access is denied for resources when the Referer header is not sent. We'll take care of that in a future version of the iApp, but for now you should redeploy and disable that feature.