MR_Freddy
Oct 17, 2019

Reject Mobile Device ID for ActiveSync with APM

Hi Guys,

We have a requirement to allow certain device IDs to initiate ActiveSync traffic normally and reject other device IDs.

We followed the same iRule here: https://devcentral.f5.com/s/articles/ms-exchange-active-sync-device-auth

But we just changed the last line from "ACCESS::session remove" to "Reject", and it is not working properly.

Once we removed one of the device IDs from the data group and added it again, it gets rejected; once we removed the "Reject" statement, the device is able to work fine with ActiveSync. So I don't know the reason for that.

BTW, the VS has APM, ASM policies.

when HTTP_REQUEST {
 # Apply DeviceID restriction to all ActiveSync directory traffic
 if {[HTTP::path] == "/Microsoft-Server-ActiveSync"} {

  # Determine whether connection is Base64 encoded (Windows Phone) and if necessary begin decoding process
  set string_b64encoded [HTTP::query]
  if {[catch {b64decode $string_b64encoded} string_b64decoded] == 0 and $string_b64decoded ne ""} {
   binary scan $string_b64decoded x4H2 IDlenHEX
   scan $IDlenHEX %x IDlenDEC
   set IDlen [expr {$IDlenDEC * 2}]
   binary scan $string_b64decoded x5H$IDlen HEXdeviceID
   set string_sentid [string toupper $HEXdeviceID]
  } else {
   set string_sentid [string toupper [URI::query [HTTP::uri]]]
  }

  # compare deviceID presented in HTTP::query with BigIP Data Group List - 'devices'
  if {[class match $string_sentid contains devices]} {
   log local0.info "Successful login with deviceID: $string_sentid"
  } else {
   log local0.info "Failed login with deviceID: $string_sentid"
   reject
  }
 }
}

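An offline Python model of the device ID extraction the iRule above performs, added here as an example (it is not part of the original post or the linked DevCentral article), useful for checking what ID a given ActiveSync query string yields before editing the data group. It compares the `DeviceId` parameter by equality, which is stricter than the iRule's `contains` match on the whole query string. Assumptions: the names `ALLOWED_DEVICES`, `extract_device_id`, `is_allowed` and `build_b64_query` are hypothetical, the device IDs are constructed samples, and the base64 layout (length at byte 4, ID from byte 5) is taken from the iRule's `x4H2` and `x5H$IDlen` scans.

```python
import base64
import binascii
from urllib.parse import parse_qsl

# Constructed stand-in for the BIG-IP data group "devices".
ALLOWED_DEVICES = {"APPL0123456789AB", "0A1B2C3D4E5F6071"}


def extract_device_id(query):
    """Return the upper-cased device ID from an ActiveSync query, or None."""
    # Plain form: Cmd=Sync&User=...&DeviceId=...&DeviceType=...
    for name, value in parse_qsl(query):
        if name.lower() == "deviceid":
            return value.upper()
    # Base64 form, same offsets as the iRule's binary scans:
    # byte 4 holds the device ID length, the ID bytes follow it.
    try:
        raw = base64.b64decode(query, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 5:
        return None  # too short to carry a length byte
    id_len = raw[4]
    device_id = raw[5:5 + id_len]
    if id_len == 0 or len(device_id) != id_len:
        return None  # length byte points past the end of the data
    return device_id.hex().upper()


def is_allowed(query, allowed=ALLOWED_DEVICES):
    """Exact match on the extracted ID; anything unparseable is denied."""
    device_id = extract_device_id(query)
    return device_id is not None and device_id in allowed


def build_b64_query(device_id):
    """Constructed sample: version, command, locale, ID length, ID, trailer."""
    head = bytes([0x91, 0x00, 0x09, 0x04, len(device_id)])
    return base64.b64encode(head + device_id + b"\x00\x02WP").decode()


if __name__ == "__main__":
    samples = [
        "Cmd=Sync&User=alice&DeviceId=appl0123456789ab&DeviceType=iPhone",
        "Cmd=Sync&User=bob&DeviceId=UNKNOWN1&DeviceType=iPhone",
        build_b64_query(bytes.fromhex("0A1B2C3D4E5F6071")),
    ]
    for q in samples:
        print(extract_device_id(q), is_allowed(q))
```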