iRule to Allow Outlook users by Username
Hi All, I've been presented with an interesting request. Currently our users authenticate to Outlook (whether by their browser to OWA, mobile ActiveSync, or the Outlook application) directly through our F5 and then go to the Outlook servers. Our mobility team wants to implement an MDM solution, so now all mobile users have to authenticate through a separate server, which then points to the F5. That part is working fine. However, due to a limitation of the MDM, there are some accounts that can't go through it and still need to go directly to the F5.
So that leads me to my question: is there a way to allow or block users based on the username they are trying to authenticate to OWA with? Basically, if they are trying to log into user1@company.com they would be blocked. But if they tried with user2@company.com it would pass the traffic?
Thank you for any and all replies!
I think I may have figured it out. After spending some hours looking at packet captures, I noticed that in the URI ActiveSync always sends the username as part of the string. So using an iRule, it searches that URI for the specific user identity and, if it matches, it lets it through. Seems to be working so far, but I have yet to do extensive testing on it. I just wonder how bad the resource usage on the F5s will be having to inspect the URI of every connection. Thanks for the replies!

when HTTP_REQUEST {
    # Enclosing event and switch are assumed; the post shows only this branch
    switch -glob [HTTP::uri] {
        "/Microsoft-Server-ActiveSync*" {
            if { [HTTP::uri] contains "username" } {
                persist cookie
                pool POOL
            } else {
                discard
            }
        }
    }
}
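An added example, not part of the original post and not F5's own code: a stricter form of the same check that compares the exact User query parameter against an allowlist instead of a substring test, and drops requests where that parameter disagrees with the Basic-auth username. The data group name eas_direct_users, the pool name POOL, and a plain-text (not base64-encoded) ActiveSync query string are assumptions.

```tcl
# Added example, not the poster's iRule. Assumed names: string data group
# eas_direct_users (lowercase usernames without domain) and pool POOL.
when HTTP_REQUEST {
    # Inspect ActiveSync requests only; other traffic is left alone.
    if { !([string tolower [HTTP::path]] starts_with "/microsoft-server-activesync") } {
        return
    }

    # Exact value of the User parameter, e.g. ?Cmd=Sync&User=user2&DeviceId=...
    # Assumes the plain-text query form; a missing parameter yields "".
    set uri_user [string tolower [URI::decode [URI::query [HTTP::uri] "User"]]]
    # Username from the Basic Authorization header, "" when none was sent.
    set auth_user [string tolower [HTTP::username]]

    # Reduce DOMAIN\user and user@company.com to the bare account name.
    foreach name {uri_user auth_user} {
        set value [lindex [split [set $name] "\\"] end]
        set $name [lindex [split $value "@"] 0]
    }

    # The URI is client-controlled: if credentials are present they must
    # name the same account as the User parameter.
    if { $auth_user ne "" && $auth_user ne $uri_user } {
        log local0.warning "EAS user mismatch from [IP::client_addr]: uri=$uri_user auth=$auth_user"
        discard
        return
    }

    # Exact match against the allowlist, so user1 does not also admit user10.
    if { $uri_user ne "" && [class match -- $uri_user equals eas_direct_users] } {
        pool POOL
    } else {
        discard
    }
}
```

A data group lookup is a hash match, so the per-request cost stays flat as the list of exempt accounts grows.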