Forum Discussion
mbamusa_59409
Nimbostratus
NimbostratusOWA , ActiveSync And RPC Over HTTP in ONE VS
Hi All,
i have ONE virtual server configured for the three services (OWA , ActiveSync and Outlook Any Where) and it works fine ,but when i enabled th ASM OWA and ActiveSync are working fine ,but RPC Over HTTP not working any more and i did a small search on Askf5.com and i found the following Irule to disable ASM for RPC traffic ,but THE LTM version is 10.2.1
,so if there is any way else to do it on this Please HELP ME :) .
thank you
* BIG-IP ASM versions 9.4.2 through 9.4.7:
when HTTP_REQUEST {if { ([HTTP::path] eq "/rpc/rpcproxy.dll") and \(([HTTP::method] equals "RPC_IN_DATA") or ([HTTP::method] equals "RPC_OUT_DATA"))}{set rpcdata 1} else {set rpcdata 0}}when HTTP_CLASS_SELECTED {if { $rpcdata == 1 }{PLUGIN::disable ASM} else {PLUGIN::ensable ASM}}
10 Replies
- This irule should work in v10 accept you will need to change PLUGIN::disable ASM and PLUGIN::enable ASM to ASM::enable and ASM:disable. Double check the wiki for the new syntax.
Another option is to create a second http class that contains /rpg and disables ASM. You can then apply that above the class for ASM. - My last post should have read /rpc, darn auto correct.
Also note that using the class would not check the http method so it is less specific and so possibly less secure. 
mbamusa_59409Dear Brown,
Thank you for your kind reply .
Do you think the following irule syntax going to work on my case without changing any thing else .
rule irule_RPC {
when HTTP_CLASS_SELECTED {
PLUGIN::enable ASM
if { [HTTP::uri] contains "/rpc" } {
PLUGIN::disable ASM
}
}- That is pretty close. In v10 I would do something like this.(note the diffrence in the enable disable commands.)
when HTTP_CLASS_SELECTED {
if { [HTTP::uri] starts_with "/rpc" } {
ASM::disable
} else {
ASM::enable
}
} - mbamusa_59409Hi steve .
Thank you for your help .
i can't use this statment (if { [HTTP::uri] starts_with "/rpc" } { ) because i don't know how the request will reach F5 ,so csn i use the following instead :
when HTTP_CLASS_SELECTED {
if { $rpcdata == 1 }{
ASM::disable
} else {
ASM::enable
}
}
Thank You - No that will not work because $rpcdata is a variable so in you rule it will never b = 0 actually it is never defined. When you say you don't know how the request will reach the f5 are you concerned with case? If so just use string to lower like below. By the way if this is for outlook anywhere it will arrive starting wit /rpc as this is what the outlook client sends. Actually you could use eq "/rpc/rpcproxy.dll" as this is what it should always be.
when HTTP_CLASS_SELECTED {
if { [string tolower [HTTP::uri]] starts_with "/rpc" } {
ASM::disable
} else {
ASM::enable
}
} 
Michael_YatesWe had a similar problem. Try this:when HTTP_REQUEST { set path [HTTP::path] set method [HTTP::method] } when HTTP_CLASS_SELECTED { if { ($path eq "/rpc/rpcproxy.dll") and (($method equals "RPC_IN_DATA") or ($method equals "RPC_OUT_DATA")) } { PLUGIN::disable ASM } }- mbamusa_59409Dear michael,
1. BigIP version is 10.2.1 and it will not accept PLUGIN::disable ASM (i'll try with( ASM::Disable).
2. is this one or Two IRules .
waiting for you kind replay .
Thank You - Michael_YatesWe removed our OWA from behind the ASM after we upgraded from v9.4.3 to v10.2.0. I have not put it back behind the ASM, so that iRule is for v9.
I wasn't aware that the command for ASM was changed in the version upgrade. Thank you for pointing it out. I will make a note of it for when I re-implement this iRule.
This is actually one iRule. The path and method are set in the HTTP_REQUEST and then used as varuables in the HTTP_CLASS_SELECTED.
Let me know if this works for you. - mbamusa_59409Dear Steve and Michael,
I tried Steve's Irule which is :
when HTTP_CLASS_SELECTED {
if { [HTTP::uri] starts_with "/rpc" } {
ASM::disable
} else {
ASM::enable
}
}
and it works fine .
Thank you Steve and Michael for your help .
Best Regards
