Restrict Access to ActiveSync to one IP when using Exchange 2013 iApp in combined mode
I am trying to find a way to restrict access to ActiveSync services to only the IP of our MDM server. We are using the Exchange 2013 iApp template, which is configured in combined services mode, where all services share the same name/IP. Any guidance would be greatly appreciated.
The current iRule applied to the VS is:

    # Exchange 2013 iRule to select pool without persistence when all Exchange
    # HTTP-based services are accessed through the same virtual server.
    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::path]] {
            "/microsoft-server-activesync*" {
                TCP::idletime 1800
                pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
                CACHE::disable
                return
            }
Would something like this work:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] eq "/microsoft-server-activesync" and !([IP::client_addr] eq "x.x.x.x") } {
            drop
        }
        TCP::idletime 1800
        pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
        CACHE::disable
        return
    }

Thanks in Advance
- youssef1
Cumulonimbus
Hi,
You can try this:

    when HTTP_REQUEST {
        set path [string tolower [HTTP::path]]
        # ActiveSync request from any source other than the allowed address: drop it
        if { $path starts_with "/microsoft-server-activesync" && !([IP::addr [IP::client_addr] equals 10.1.1.1/32]) } {
            drop
        } elseif { $path starts_with "/microsoft-server-activesync" } {
            # ActiveSync request from the allowed address: send it to the ActiveSync pool
            TCP::idletime 1800
            pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
            CACHE::disable
            return
        }
    }

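An added example, not part of the original thread and not the iApp's own iRule: the same restriction placed inside the ActiveSync arm of the existing switch, so the other Exchange services are untouched, with the allowed source checked against a data group and refusals logged. The data group name `mdm_allowed_addrs` is an assumption (an address-type data group holding the MDM server's IP); the pool name is the one from the post.

```tcl
when HTTP_REQUEST {
    # Only the ActiveSync arm is shown; the arms for the other Exchange
    # services in the existing rule stay exactly as they are.
    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync*" {
            # Assumption: mdm_allowed_addrs is an address-type data group
            # containing the MDM server's address (host or subnet entries).
            if { ![class match [IP::client_addr] equals mdm_allowed_addrs] } {
                # Log the refused source so blocked devices can be traced.
                log local0.warning "ActiveSync denied: client=[IP::client_addr] path=[HTTP::path]"
                drop
                return
            }
            # Allowed source: same handling as the original ActiveSync arm.
            TCP::idletime 1800
            pool /Common/LVCASARRAY.app/LVCASARRAY_as_pool7
            CACHE::disable
            return
        }
    }
}
```

`IP::client_addr` is the source address the BIG-IP sees on the connection, so the check identifies the MDM server only if no upstream device translates that address before it reaches the virtual server.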