Forum Discussion

F5user13_114603's avatar
F5user13_114603
Icon for Cirrus rankCirrus
Mar 25, 2017

iRULE to allow active sync access only for certain geolocation

Can anyone help me write an irule to allow active sync access only to certain geolocation.   Thanks!  
application delivery
iRules
  • kunjan_118660's avatar
    kunjan_118660
    Mar 26, 2017

    You can try this:

    when CLIENT_ACCEPTED {

    set allowed 0

    if {  [whereis [IP::client_addr] country] eq "SG" } {

        set allowed 1 

    }

}

when HTTP_REQUEST {

    if { [HTTP::path] starts_with "/microsoft-server-activesync"  and $allowed == 0 } {

        HTTP::respond 403 content "Active Sync is blocked"

    }

}
kunjan's avatar
kunjan
Icon for Nimbostratus rankNimbostratus
Mar 26, 2017

You can try this:

when CLIENT_ACCEPTED {

    set allowed 0

    if {  [whereis [IP::client_addr] country] eq "SG" } {

        set allowed 1 

    }

}

when HTTP_REQUEST {

    if { [HTTP::path] starts_with "/microsoft-server-activesync"  and $allowed == 0 } {

        HTTP::respond 403 content "Active Sync is blocked"

    }

}
  • F5user13_114603's avatar
    F5user13_114603
    Icon for Cirrus rankCirrus
    Mar 26, 2017

    Thanks kujan for the response. I will try it out and let you know.

    In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:

    when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop

    }

    Thanks.

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Mar 27, 2017

    Need to test, but seems ok.