Forum Discussion

Monty_S__237327's avatar
Monty_S__237327
Icon for Nimbostratus rankNimbostratus
Dec 06, 2015

iRule to restrict activesync traffic to particular IPs but allow all other Exchange traffic

Hi All,   I am currently working on an MDM project, in which we are moving to AirWatch to proxy all Active Sync traffic.   In order to force all users to use Airwatch for all ActiveSync, we need ...
airwatch
application delivery
exchange 2013
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 07, 2015

Hi Monty,

the Rule has a little problem with the tolower formating, but in general it would work. When formating a string to lower the compare string has to be lower case too, otherwise it won't match.

 

when HTTP_REQUEST {
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        if {string tolower [HTTP::uri] contains "/microsoft-server-activesync*" and not ([class match [IP::client_addr] equals Airwatch_SEG_Servers]) } then {
            log local0. "dropped connection"
            reject 
        } else {
            pool EXCHANGE_2013_https_int_pool
        }
}

 

Cheers, Kai