Forum Discussion
iRULE to allow active sync access only for certain geolocation
- Mar 26, 2017
You can try this:
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] eq "SG" } { set allowed 1 } } when HTTP_REQUEST { if { [HTTP::path] starts_with "/microsoft-server-activesync" and $allowed == 0 } { HTTP::respond 403 content "Active Sync is blocked" } }
You can try this:
when CLIENT_ACCEPTED {
set allowed 0
if { [whereis [IP::client_addr] country] eq "SG" } {
set allowed 1
}
}
when HTTP_REQUEST {
if { [HTTP::path] starts_with "/microsoft-server-activesync" and $allowed == 0 } {
HTTP::respond 403 content "Active Sync is blocked"
}
}
- F5user13_114603Mar 26, 2017Cirrus
Thanks kujan for the response. I will try it out and let you know.
In the meanwhile, I disabled strict mode for the Exchange iAPP and applied the below. Could you review and feedback if this would work:
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/microsoft-server-activesync*" { if {[whereis [IP::client_addr] country] eq "QA"} { TCP::idletime 1800 pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7 COMPRESS::disable CACHE::disable return } else drop
}
Thanks.
- kunjan_118660Mar 27, 2017Cumulonimbus
Need to test, but seems ok.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com