Forum Discussion
Mike_59458
Nimbostratus
NimbostratusRule not working as expected
I have installed this rule on a virtual server for a Exchange 2010 Client Access Server. I am trying to block access to OWA on this VS. Code is below:
(code)
when HTTP_REQUEST {
HTTP::enable
if {[string tolower [HTTP::uri]] eq "/owa" } {
HTTP::respond 401
}
}
(end code)
I get to the login screen but it will not let me log in. I was hoping that the HTTP::respond 401 would send a 401 error screen if the /owa URI was at the end of the URL. Am I missing something?
Mike
nitassEmployee
I was hoping that the HTTP::respond 401 would send a 401 error screen if the /owa URI was at the end of the URL.should we use ends_with instead of eq?
e.g.[root@iris:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.17.33:http ip protocol tcp rules myrule profiles { http {} tcp {} } } [root@iris:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if {[string tolower [HTTP::uri]] ends_with "/owa"} { HTTP::respond 401 } } } [root@iris:Active] config curl -i http://172.28.17.33/test/owa HTTP/1.0 401 Unauthorized WWW-Authenticate: Basic realm="" Server: BigIP Connection: Keep-Alive Content-Length: 0
Michael_YatesMost instances of OWA that I have seen use it has http://owa.domain.com/owa
So you might want to use "starts_with".
eq / equals is absolute, so if the HTTP::uri contains anything else (upto and including a trailing slash on the owa "/owa/", then it would not qualify as a match.
Hope this helps.
Bayan_El_Ameen1Add that you can drop the connection totally by using the "drop" keyword instead of using "HTTP::respond 401"- Michael_YatesHi Bayan,
Reset might be a better alternative to drop.
Reset sends a connection reset for the protocol of the request.
http://devcentral.f5.com/wiki/iRules.reject.ashx
Drop / Discard will just drop it and the connection will go into a wait status until it times out.
http://devcentral.f5.com/wiki/iRules.drop.ashx - Bayan_El_Ameen1Thank you Michael for your note