Forum Discussion

F5user13_114603's avatar
Mar 25, 2017

iRULE to allow active sync access only for certain geolocation

Can anyone help me write an irule to allow active sync access only to certain geolocation.

 

Thanks!

 

  • You can try this:

    when CLIENT_ACCEPTED {
    
        set allowed 0
    
        if {  [whereis [IP::client_addr] country] eq "SG" } {
    
            set allowed 1 
    
        }
    
    }
    
    when HTTP_REQUEST {
    
        if { [HTTP::path] starts_with "/microsoft-server-activesync"  and $allowed == 0 } {
    
            HTTP::respond 403 content "Active Sync is blocked"
    
        }
    
    }
    
  • You can try this:

    when CLIENT_ACCEPTED {
    
        set allowed 0
    
        if {  [whereis [IP::client_addr] country] eq "SG" } {
    
            set allowed 1 
    
        }
    
    }
    
    when HTTP_REQUEST {
    
        if { [HTTP::path] starts_with "/microsoft-server-activesync"  and $allowed == 0 } {
    
            HTTP::respond 403 content "Active Sync is blocked"
    
        }
    
    }
    
    • F5user13_114603's avatar
      F5user13_114603
      Icon for Cirrus rankCirrus

      Thanks kujan for the response. I will try it out and let you know.

      In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:

      when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop

      }
      

      Thanks.

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus

    You can try this:

    when CLIENT_ACCEPTED {
    
        set allowed 0
    
        if {  [whereis [IP::client_addr] country] eq "SG" } {
    
            set allowed 1 
    
        }
    
    }
    
    when HTTP_REQUEST {
    
        if { [HTTP::path] starts_with "/microsoft-server-activesync"  and $allowed == 0 } {
    
            HTTP::respond 403 content "Active Sync is blocked"
    
        }
    
    }
    
    • Thanks kujan for the response. I will try it out and let you know.

      In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:

      when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop

      }
      

      Thanks.