Forum Discussion
iRule to match multiple conditions
Hi Karthik,
I've optimized a little your iRule based on some experiences...
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals OWA-NO-2FA] } then {
set OWA-2FA 0
} else {
set OWA-2FA 1
}
}
when HTTP_REQUEST {
set low_uri [string tolower [HTTP::uri]]
if { ( $OWA-2FA ) and
(( $low_uri starts_with "/owa" ) or
( $low_uri starts_with "/ecp" )) } then {
pool OWA_2FA_Pool
} elseif { $low_uri equals "/" } then {
HTTP::redirect "/owa/"
} else {
pool OWA_SSL_POOL
}
}
Note: I've moved the
to the [class match [IP::client_addr]]
event to save some CPU cycles for CLIENT_ACCEPTED
connections.keep-alive
Note: I'v added the
command so that case-sensitive URI (e.g. /oWa/) wouldn't bypass your 2FA requirement.[string tolower]
Note: I'v added the
condition to force 2FA also for Exchange Control Panel (aka. OWA Settings).($low_uri starts_with "/ecp")
Note: I'v added a
syntax to assist your users getting to their Inbox.[HTTP::redirect "/owa/"]
Cheers, Kai
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com