iRule to block access to Office 365 components when using APM SAML 2.0 iApp

Question

Deployed BIG-IP APM as a SAML 2.0 Identity Provider for Microsoft Office 365. One iApp facilitates internal authentication, while the other facilitates external. Interested in creating an iRule that would allow only ActiveSync requests to be authenticated, but block OWA and Outlook client requests. I see you can use claim rules when AD FS is Windows-based (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh526961(v=ws.10)), but the F5 has replaced the AD FS infrastructure. Is this possible with an iRule on the external iApp?

ryan_w__278625 · Answer

I am going to test the iRule listed below.  Should this work for blocking all authentication requests except for ActiveSync for the Office 365 SAML iApp?&nbsp;
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path]] {
    "/ews" {
        ACCESS::disable
    }
    "/autodiscover" {
        ACCESS::disable
    }
    "/owa*" {
        ACCESS::disable
    }
}&nbsp;

Forum Discussion

iRule to block access to Office 365 components when using APM SAML 2.0 iApp

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

SSL VPN Split Tunneling and Office 365

Mitigating OWASP Web Application Risk: Vulnerable & Outdated Components using F5 XC Platform

SSL VPN Tunnel and Office 365

F5 Automation Toolchain: Upload the Components with BIGREST!

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS