Forum Discussion

Mike_59458's avatar
Mike_59458
Icon for Nimbostratus rankNimbostratus
Jul 21, 2011

Redirect connection in virtual server

I am looking to prevent a HTTPS request that ends in /owa (ie HTTPS://APP.Domain.com/OWA) to access the application (Exchange 2010). We are preventing using Microsoft Outlook Web Access /OWA from being accessed from outside our environment. We would like to redirect the request to the approved access portal (ie HTTPS://remote.domain.com). Once logged into the remote application users can access the Exchange OWA.

 

 

The only protocol that will be allowed is Exchange Activesync

 

 

I am thinking:

 

 

iRule to select pool and persistence for Active Sync.

 

All other protocol redirected to remote.dot.gov

 

when HTTP_REQUEST {

 

log local0.info "path = [HTTP::path] "

 

switch -glob [HTTP::path] {

 

 

"/Microsoft-Server-ActiveSync*" {

 

Direct all ActiveSync clients to a common pool; use

 

HTTP cookie persistence

 

persist cookie

 

pool Exch2010__single_as_pool

 

 

}

 

 

default {

 

This final section takes all non ActiveSync traffic

 

and redirect it to remote.dot.gov

 

HTTP::redirect https://[https::host][https::uri]

 

}

 

}

 

}

 

 

I am seeing the problem at the HTTP::redirect line. How do I configure the redirect line to go to HTTPS://remote.domain.com?

 

 

Mike Bednarck

 

 

  • Hi Mike,

    https::host and https::uri do not exist. Click Here to see the valid commands.

    I am assuming that SSL is being terminated at the F5.

    That being said I think you can re-write the statement to the following :

    HTTP::redirect "https://[HTTP::host]/[HTTP::uri]" 

    I hope this helps

    Bhattman
  • Bhattman,

     

     

    Okay now I don’t understand. The protocol "/Microsoft-Server-ActiveSync” we want to accept and pass through but redirect everything else to Remote.domain.com (with no extension after the .com). The pool and persist cookie (in fact the whole IF "/Microsoft-Server-ActiveSync” was pulled from a working iRule.

     

     

    If the request falls through the "/Microsoft-Server-ActiveSync” then I would like a redirect.

     

     

    Mike Bednarck

     

  • Bhattman,

     

     

    With the

     

     

    HTTP::redirect "https://[HTTP::host]/[HTTP::uri]" Do I put the remote.domain.com where the host is?

     

     

    Mike Bednarck

     

  • Hi Mike,

     

    Yes you can rewrite if you want to be more explicit

     

     

    HTTP::redirect "https://remote.domain.com/"

     

     

    Bhattman

     

  • Hey Mike, just to clarify if you were to use "https://[HTTP::host]/[HTTP::uri]" you're going to redirect to the same host and uri you're currently conected to..... on HTTPS

     

    Something like that is usefull when you want to redirect http to https traffic...among other things.

     

     

    Also, there is an extra "/" in there.. though it will probably work you don't need it..