Forum Discussion
iRULE to allow active sync access only for certain geolocation
Can anyone help me write an irule to allow active sync access only to certain geolocation.
Thanks!
You can try this:
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] eq "SG" } { set allowed 1 } } when HTTP_REQUEST { if { [HTTP::path] starts_with "/microsoft-server-activesync" and $allowed == 0 } { HTTP::respond 403 content "Active Sync is blocked" } }
- kunjan_118660Cumulonimbus
You can try this:
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] eq "SG" } { set allowed 1 } } when HTTP_REQUEST { if { [HTTP::path] starts_with "/microsoft-server-activesync" and $allowed == 0 } { HTTP::respond 403 content "Active Sync is blocked" } }
Thanks kujan for the response. I will try it out and let you know.
In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop
}
Thanks.
- kunjan_118660Cumulonimbus
Need to test, but seems ok.
- kunjanNimbostratus
You can try this:
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] eq "SG" } { set allowed 1 } } when HTTP_REQUEST { if { [HTTP::path] starts_with "/microsoft-server-activesync" and $allowed == 0 } { HTTP::respond 403 content "Active Sync is blocked" } }
Thanks kujan for the response. I will try it out and let you know.
In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop
}
Thanks.
- kunjanNimbostratus
Need to test, but seems ok.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com